Documentation - V-222420

V-222420

Application Security and Development Security Technical Implementation Guide

CAT III

Title

The application must notify system administrators (SAs) and information system security officers (ISSOs) of account removal actions.

Description

<VulnDiscussion>Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to remove an account. Notification of account removal is one method for mitigating this risk. A comprehensive account management process will ensure an audit trail which documents the removal of application user accounts and notifies administrators and ISSOs such accounts no longer exist. This type of ...

Fix Text (Documentation Requirement)

Configure the application to notify the SA and the ISSO when application accounts are removed.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel