USNS MONTFORD POINT - Findings

Showing 1 unique vulnerabilities (1 total) (filtered) View Documentation Status (90 tracked)

V-206520 CAT I The DBMS must integrate with an organization-level authentic...

1 asset 1 Closed Database Security Re...

Hostname	IP Address	Status	Assigned To	Last Scan	Actions
MONT-DB-002	-			2026-03-06
Finding Details No details recorded. Comments The database server can only be accessed by a privileged user, who creates an Afloat Operations Service Desk ticket. Once the Afloat Operations Service Desk confirms the privileged user has the proper credentials, a domain admin account is created for the user and is valid for 14 days. Installer accounts are created and sent from shore and are authenticated using user id/password. The naming convention for the domain admin account is not consistent across various platforms and installers may not have access to a CAC reader. Application accounts are authenticated using either user id/password or a CAC. This allows flexibility to allow a mariner to access the ShipCLIP application when CAC card issues occur during ship deployments and a mariner is unable to correct until in port.

Check Text

If all accounts are authenticated by the organization-level authentication/access mechanism and not by the DBMS, this is not a finding. If there are any accounts managed by the DBMS, review the system documentation for justification and approval of these accounts. If any DBMS-managed accounts exist that are not documented and approved, this is a finding.

Fix Text

Integrate DBMS security with an organization-level authentication/access mechanism providing account management for all users, groups, roles, and any other principals. For each DBMS-managed account that is not documented and approved, either transfer it to management by the external mechanism, or document the need for it and obtain approval, as appropriate.

Finding Details

Comments

Check Text

Fix Text