Account Management - Review account groups assigned to 'netadmin'

Information

Information system account types include, for example, individual, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

The identification of authorized users of the information system and the specification of access privileges reflects the requirements in other security controls in the security plan. Users requiring administrative privileges on information system accounts receive additional scrutiny by appropriate organizational personnel (e.g., system owner, mission/business owner, or chief information security officer) responsible for approving such accounts and privileged access. Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both.

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2

Plugin: Cisco_Viptela

Control ID: 85c727bdf2503febbef970b3a3f6a6c1019b069dc6cf3a475a42f8ac89c7e2d8