STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version 5, Release 1, Benchmark Date: 23 Oct 2020

The application administrator must follow an approved process to unlock locked user accounts.

DISA Rule

SV-222433r508029_rule

Vulnerability Number

V-222433

Group Title

SRG-APP-000345

Rule Version

APSC-DV-000540

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create a standard approved process for unlocking locked application accounts which includes validating user identity prior to unlocking the account.

Use that process when unlocking application user accounts.

Check Contents

Interview the application administrator and identify the approved process for unlocking user accounts.

The process may involve a manual or automated reset after the locked-out user has identified themselves using the standard user identification processes outlined in the vulnerability discussion.

If the admin does not unlock the account following the approved process, and if the process does not have documented ISSO and ISSM approvals, this is a finding.

Severity Override Guidance

Interview the application administrator and identify the approved process for unlocking user accounts.

The process may involve a manual or automated reset after the locked-out user has identified themselves using the standard user identification processes outlined in the vulnerability discussion.

If the admin does not unlock the account following the approved process, and if the process does not have documented ISSO and ISSM approvals, this is a finding.

Check Content Reference

M

Target Key

4093

Comments