Documentation - V-222408

V-222408

Application Security and Development Security Technical Implementation Guide

CAT II

Title

Shared/group account credentials must be terminated when members leave the group.

Description

<VulnDiscussion>If shared/group account credentials are not terminated when individuals leave the group, the user that left the group can still gain access even though they are no longer authorized. A shared/group account credential is a shared form of authentication that allows multiple individuals to access the application using a single account. There may also be instances when specific user actions need to be performed on the information system without unique user identification or authentic...

Fix Text (Documentation Requirement)

Create a procedure for deleting either member accounts or the entire group account when members leave the group.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel