SV-222407r508029_rule
V-222407
SRG-APP-000023
APSC-DV-000280
CAT II
10
Use automated processes and mechanisms for account management functions.
Review the application documentation and interview the application administrator.
Identify the account management methods, processes and procedures that are used.
If the application is utilizing a centralized authentication mechanism such as Active Directory or LDAP, verify all user account activity is conducted via that solution and no local user accounts that circumvent the automated solution are used.
Determine if automated mechanisms are used when managing application user accounts and taking management action on application user accounts. Automated methods include but are not limited to:
Taking action on accounts that have been determined to be inactive, suspended, terminated, or disabled.
Automated action examples include: deleting such accounts, reactivating accounts in conjunction with a validation or verification process, or sending notifications or reminders to the account holders that their account is about to be disabled or deleted.
Verify the action that is taken is automated and repeatable.
If the account management process is manual in nature, this is a finding.