STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

The network device must terminate shared/group account credentials when members leave the group.

DISA Rule

SV-90941r1_rule

Vulnerability Number

V-76253

Group Title

SRG-APP-000317-NDM-000282

Rule Version

CACT-NM-000149

Severity

CAT II

CCI(s)

• CCI-002142 - The information system terminates shared/group account credentials when members leave the group.

Weight

10

Fix Recommendation

Establish and document a procedure that requires the changing of the account of last resort and root account password when users with knowledge of the password leave the group. To change the password:

1. Log on to CounterACT's Administrator UI.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Enter a new password.

Note: Use of a cryptographically generated password is recommended. Password must be stored in a locked safe and used only when necessary since individual accounts are required to be used to ensure non-repudiation.

Check Contents

Review the documentation to verify that a procedure exists to change the account of last resort and root account password when users with knowledge of the password leave the group.

If a procedure does not exist to change the account of last resort and root account password when users with knowledge of the password leave the group, this is a finding.

Vulnerability Number

V-76253

Documentable

False

Rule Version

CACT-NM-000149

Severity Override Guidance

Review the documentation to verify that a procedure exists to change the account of last resort and root account password when users with knowledge of the password leave the group.

If a procedure does not exist to change the account of last resort and root account password when users with knowledge of the password leave the group, this is a finding.

Check Content Reference

M

Target Key

3225

Comments