1.008 - Shared user accounts must not be permitted on the system.

Information

Shared accounts (accounts where two or more people log on with the same user identification) do not provide adequate identification and authentication. There is no way to provide for non-repudiation or individual accountability for system access and resource usage.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create or update shared accounts documentation that minimally contains the name of the shared account(s), the system(s) on which the accounts exist, and the individuals who have access to the accounts. Remove any shared accounts that do not meet the requirements.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_7_V1R32_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CAT|II, CCI|CCI-000764, Rule-ID|SV-25000r2_rule, STIG-ID|1.008, Vuln-ID|V-1072

Plugin: Windows

Control ID: baaaeb44a28af8dc96e824f189546b1abac90ba377472cf0f67d5bbba27c9cdf