Information
Ideally it would be considered best practice to have one non-root emergency backup account, in addition to the root account, configured on the firewall while relying upon an external authentication server, such as RADIUS or TACACS+, to provide the primary means of authentication. Utilizing an authorization server will allow you to easily change and audit user related information upon the departure of employees or in cases where compromise is suspected.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
You may navigate to the following ScreenOS menu location: Configuration > Admin > Administrators