Documentation - V-222419

V-222419

Application Security and Development Security Technical Implementation Guide

CAT III

Title

The application must notify system administrators (SAs) and information system security officers (ISSOs) of account disabling actions.

Description

<VulnDiscussion>Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply create a new account. Notification of account creation is one method for mitigating this risk. A comprehensive account management process will ensure an audit trail which documents the creation of application user accounts and notifies administrators and ISSOs such accounts exist. This type o...

Fix Text (Documentation Requirement)

Configure the application to notify the SA and the ISSO when application accounts are disabled.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel