The Dragos Platform must notify system administrators and information system security officer (ISSO) of local account activity.
An XCCDF Rule
Description
<VulnDiscussion>Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply create a new account. Sending notification of account creation events to the system administrator and ISSO is one method for mitigating this risk. Satisfies: SRG-APP-000291, SRG-APP-000292, SRG-APP-000293, SRG-APP-000294</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-265658r1018453_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
1. If a notification does not appear, install KP-CW-24-001. This knowledge pack will add this and other notifications relevant to the STIG to the Dragos Platform.
Adding Knowledge Pack:
While logged in to the Dragos Platform with administrative privileges, navigate to Admin >> SiteStore Management >> Knowledge Packs.
Locate all "STIG-KP_Plus" Knowledge Pack(s).