Skip to content
Log In

CCI-002142

The information system terminates shared/group account credentials when members leave the group.

When anyone who has access to the emergency administration account no longer requires access to it or leaves the organization, the password for the emergency administration account must be changed.

1 rule found Severity: Medium

Logo

The network device must terminate shared/group account credentials when members leave the group.

2 rules found Severity: Medium

Logo

The HYCU server must terminate shared/group account credentials when members leave the group.

1 rule found Severity: Medium

Logo

The MQ Appliance network device must terminate shared/group account credentials when members leave the group.

1 rule found Severity: Medium

Logo

Members of the SCOM Administrators Group must be reviewed to ensure access is still required.

1 rule found Severity: Medium

Logo

Riverbed Optimization System (RiOS) must terminate local shared/group account credentials, such as the Admin account is used, when members who know the account password leave the group.

1 rule found Severity: Medium

Logo

Riverbed Optimization System (RiOS) must disable the local Shark and Monitor accounts so they cannot be used as shared accounts by users.

1 rule found Severity: Medium

Logo

The Tanium Server must be configured with a connector to sync to Microsoft Active Directory for account management functions, must isolate security functions from non-security functions, and must terminate shared/group account credentials when members leave the group.

1 rule found Severity: Medium

Logo

The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.

4 rules found Severity: Medium

Logo

The Tanium cryptographic signing capabilities must be enabled on the Tanium Server.

3 rules found Severity: Medium

Logo

The Cisco ISE must change the password for the local CLI and web-based account when members who have access to the password leave the role and are no longer authorized access.

1 rule found Severity: Medium

Logo

The F5 BIG-IP appliance must terminate shared/group account credentials when members leave the group.

1 rule found Severity: Medium

Logo

The Juniper EX switch must change credentials for account of last resort when administrators who know the credential leave the organization.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

The password for the local account of last resort and the device password (if configured) must be changed when members who had access to the password leave the role and are no longer authorized access.

1 rule found Severity: Medium

Logo

Shared/group account credentials must be terminated when members leave the group.

1 rule found Severity: Medium

Logo

Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.

1 rule found Severity: Medium

Logo

Forescout must terminate the account of last resort password when members with access to the password leave the group.

1 rule found Severity: Medium

Logo

Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.

1 rule found Severity: Medium

Logo

OpenShift must use FIPS validated LDAP or OpenIDConnect.

1 rule found Severity: High

Logo

Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

1 rule found Severity: High

Logo