Title

Management access points (i.e. administrative/maintenance ports, system access, etc.) are not protected by requiring a valid username and a valid password for access. (Cat I impact)

Discussion

A valid username and a valid password are required to access all management system workstations and administrative / management ports on any device or system. All system management access points must be password protected to ensure that all actions performed on the DSN component can be associated with a specific user. Lack of an account password provides access to anyone who knows the user account name.

Check Content

Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.

Fix Text

Ensure that all access points are password protected.

Additional Identifiers

Rule ID: SV-8446r1_rule

Vulnerability ID: V-7960

Group Title: Management access points not password protected

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.