Documentation - V-222422

V-222422

Application Security and Development Security Technical Implementation Guide

CAT III

Title

The application must notify system administrators (SAs) and information system security officers (ISSOs) of account enabling actions.

Description

<VulnDiscussion>Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to enable an account. Notification of account enabling is one method for mitigating this risk. A comprehensive account management process will ensure an audit trail which documents the enabling of application user accounts and notifies administrators and ISSOs such accounts exist. This type of process ...

Fix Text (Documentation Requirement)

Configure the application to notify the SA and the ISSO when application accounts are enabled.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel