STIGQter: STIG Summary: CA API Gateway NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016

The CA API Gateway must automatically remove or disable emergency accounts, except the emergency administration account, after 72 hours.

DISA Rule

SV-86159r1_rule

Vulnerability Number

V-71535

Group Title

SRG-APP-000234-NDM-000272

Rule Version

CAGW-DM-000180

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For existing accounts, set the account's expiry date using the command:

chage -E "YYYY-MM-DD" "USERNAME"

For new accounts, create the account using the command:

useradd -e <expiry_date> USERNAME

where <expiry_date>, in YYYY-MM-DD format, is the date on which you wish the account to expire.

Check Contents

Verify the account's expiry with the command:

chage -l "USERNAME"

and look at the "Account expires" line for the expiry date.

If the expiry date is more than "72" hours after emergency account creation, this is a finding.
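
An added example (not part of the STIG text or of CA's tooling) that automates the check above: it parses the "Account expires" line of `chage -l` output and compares it with the account's creation time, which the operator must supply from the account request record because `chage` does not report it. It assumes GNU `date` and English-locale `chage -l` output; the function names are hypothetical and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Audit helper for CAGW-DM-000180 (illustrative; function names are hypothetical).
# Assumes GNU date and English-locale `chage -l` output.

MAX_SECONDS=$((72 * 3600))   # 72-hour limit from the rule

# Constructed sample of `chage -l` output for an emergency account.
SAMPLE_CHAGE='Last password change                    : Sep 19, 2016
Password expires                        : never
Password inactive                       : never
Account expires                         : Sep 22, 2016
Minimum number of days between password change : 0'

# Print the value of the "Account expires" line read from stdin.
expiry_from_chage() {
    sed -n 's/^Account expires[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# check_emergency_expiry CREATED CHAGE_OUTPUT
#   CREATED: account creation time (assumption: taken from the account
#            request record; chage does not store it), any format GNU date parses.
# Returns 0 = compliant, 1 = finding, 2 = cannot evaluate.
check_emergency_expiry() {
    local created="$1" chage_output="$2" expires created_s expires_s
    expires=$(printf '%s\n' "$chage_output" | expiry_from_chage)
    [ -n "$expires" ] || return 2
    # An account that never expires can never satisfy the 72-hour limit.
    [ "$expires" = "never" ] && return 1
    created_s=$(date -u -d "$created" +%s 2>/dev/null) || return 2
    expires_s=$(date -u -d "$expires" +%s 2>/dev/null) || return 2
    # Expiry has day granularity: compare midnight UTC of the expiry date
    # against creation + 72 hours.
    [ $((expires_s - created_s)) -le "$MAX_SECONDS" ]
}

# Live use on the gateway (creation time supplied by the operator):
#   check_emergency_expiry "2016-09-19 08:00" "$(LC_ALL=C chage -l USERNAME)"
```

Because `chage -E` stores only a date, an account created late in the day can be set to expire at most three calendar days later and still stay within the 72-hour limit.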

Documentable

False

Severity Override Guidance

Verify the account's expiry with the command:

chage -l "USERNAME"

and look at the "Account expires" line for the expiry date.

If the expiry date is more than "72" hours after emergency account creation, this is a finding.

Check Content Reference

M

Target Key

3051

Comments