The network device must generate alerts that can be forwarded to the administrators and IAO when accounts are removed.

From Network Device Management Security Requirements Guide

Associated with: CCI-001686

SV-69439r1_rule The network device must generate alerts that can be forwarded to the administrators and IAO when accounts are removed.

Vulnerability discussion

When application accounts are removed, administrator accessibility is affected. Accounts are utilized for identifying individual device administrators or for identifying the device processes themselves. In order to detect and respond to events that affect administrator accessibility and device processing, devices must audit account removal actions and, as required, notify the appropriate individuals so they can investigate the event. Such a capability greatly reduces the risk that device accessibility will be negatively affected for extended periods of time and also provides logging that can be used for forensic purposes.

Check content

Determine if the network device generates alerts that can be forwarded to the administrators and IAO when accounts are removed. This requirement may be verified by demonstration or configuration review. If the network device is configured to use an authentication server which would perform this function, this is not a finding. If alerts are not generated when accounts are removed and forwarded to the administrators and IAO, this is a finding.

Fix text

Configure the network device or its associated authentication server to send a notification message to the administrators and IAO when accounts are removed.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.