NET0460 - Group accounts are defined.

Information

Group accounts must not be configured for use on the network device.

Group accounts configured for use on a network device do not allow for accountability or repudiation of individuals using the shared account. If group accounts are not changed when someone leaves the group, that person could possibly gain control of the network device. Having group accounts does not allow for proper auditing of who is accessing or changing the network.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Review the network device configuration and validate there are no group accounts configured for access. If a group account is configured on the device, this is a finding.

Solution

Configure individual user accounts for each authorized person then remove any group accounts.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_L2_Switch_V8R27_STIG.zip

Item Details

References: CAT|I, Rule-ID|SV-3056r7_rule, STIG-ID|NET0460, Vuln-ID|V-3056

Plugin: Cisco

Control ID: 5c5a9ae9446655a0f1b54a18365e118da5e4975f702d5ee849d07972d9207777