Skip to content
Catalogs
XCCDF
ForeScout CounterACT NDM Security Technical Implementation Guide
SRG-APP-000516-NDM-000336
Administrative accounts for device management must be configured on the authentication server and not the network device itself (except for the account of last resort).
Administrative accounts for device management must be configured on the authentication server and not the network device itself (except for the account of last resort). An XCCDF Rule
Administrative accounts for device management must be configured on the authentication server and not the network device itself (except for the account of last resort).
Medium Severity
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which leads to delays in remediating production problems and addressing compromises in a timely fashion.
Administrative accounts for network device management must be configured on the authentication server and not the network device itself. This requirement does not apply to the account of last resort.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>