SV-222433r508029_rule
V-222433
SRG-APP-000345
APSC-DV-000540
CAT II
10
Create a standard approved process for unlocking locked application accounts which includes validating user identity prior to unlocking the account.
Use that process when unlocking application user accounts.
Interview the application administrator and identify the approved process for unlocking user accounts.
The process may involve a manual or automated reset after the locked-out user has identified themselves using standard user identification processes outlined in the vulnerability discussion.
If the admin does not unlock the account following the approved process, and if the process does not have documented ISSO and ISSM approvals, this is a finding.
V-222433
False
APSC-DV-000540
M
4093