From Network Device Management Security Requirements Guide
Part of SRG-APP-000148-NDM-000346
Associated with: CCI-001358 CCI-002111
Authentication for administrative (privileged level) access to the device is required at all times. An account can be created on the device's local database for use when the authentication server is down or connectivity between the device and the authentication server is not operable. This account is referred to as the account of last resort since it is intended to be used as a last resort and when immediate administrative access is absolutely necessary.
Review the network device configuration to determine if there is more than one account enabled Verify that the account of last resort is configured with the privileges needed to perform privileged functions when the authentication server is not available. Verify default admin and other vendor-provided accounts are disabled, removed, or renamed where possible. Verify the username and password for the account of last resort is contained within a sealed envelope and kept in a safe. Check the log to verify periodic auditing has occurred. If one local account does not exist for use as the account of last resort, this is a finding.
Configure the device to only allow one local account for use as the account of last resort.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer