Group accounts must not be configured for use on the network device.

From Perimeter Router Security Technical Implementation Guide Cisco

Part of Group accounts are defined.

SV-3056r7_rule Group accounts must not be configured for use on the network device.

Vulnerability discussion

Group accounts configured for use on a network device do not allow for accountability or repudiation of individuals using the shared account. If group accounts are not changed when someone leaves the group, that person could possibly gain control of the network device. Having group accounts does not allow for proper auditing of who is accessing or changing the network.

Check content

Review the network device configuration and validate there are no group accounts configured for access. If a group account is configured on the device, this is a finding.

Fix text

Configure individual user accounts for each authorized person then remove any group accounts.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer