STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

Shared/group account credentials must be terminated when members leave the group.

DISA Rule

SV-222408r508029_rule

Vulnerability Number

V-222408

Group Title

SRG-APP-000317

Rule Version

APSC-DV-000290

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create a procedure for deleting either member accounts or the entire group account when members leave the group.

Check Contents

Review the application documentation and determine if there is a requirement for shared or group accounts.

If there is no official requirement for shared or group application accounts, this requirement is not applicable.

Interview the application representative and identify shared/group accounts.

Have the application representative provide their procedures for account management as it pertains to group users.

Validate there is a procedure for deleting either member accounts or the entire group account when members leave the group.

If there is no process for handling group account credentials, this is a finding.

Documentable

False

Severity Override Guidance

Review the application documentation and determine if there is a requirement for shared or group accounts.

If there is no official requirement for shared or group application accounts, this requirement is not applicable.

Interview the application representative and identify shared/group accounts.

Have the application representative provide their procedures for account management as it pertains to group users.

Validate there is a procedure for deleting either member accounts or the entire group account when members leave the group.

If there is no process for handling group account credentials, this is a finding.

Check Content Reference

M

Target Key

4093
