STIGQter: STIG Summary: WLAN Controller Security Technical Implementation Guide (STIG) Version: 6 Release: 15 Benchmark Date: 26 Apr 2019:

In the event the authentication server is unavailable, the network device must have a single local account of last resort defined.

DISA Rule

SV-3966r6_rule

Vulnerability Number

V-3966

Group Title

More than one local account is defined.

Rule Version

NET0440

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the device to only allow one local account of last resort for emergency access and store the credentials in a secure manner.

Check Contents

Review the network device configuration to determine if an authentication server is defined for gaining administrative access. If so, there must be only one account of last resort configured locally for an emergency.

Verify the username and password for the local account of last resort is contained within a sealed envelope kept in a safe.

If an authentication server is used and more than one local account exists, this is a finding.

Vulnerability Number

V-3966

Documentable

False

Rule Version

NET0440

Severity Override Guidance

Review the network device configuration to determine if an authentication server is defined for gaining administrative access. If so, there must be only one account of last resort configured locally for an emergency.

Verify the username and password for the local account of last resort is contained within a sealed envelope kept in a safe.

If an authentication server is used and more than one local account exists, this is a finding.

Check Content Reference

M

Target Key

1538

Comments