Text of Recommendation | We recommend that the Department adhere to the SSP control requirements and avoid the use of generic and shared
accounts. If generic and shared accounts are required, obtain a formal risk acceptance and develop a policy and
procedure to: a. Authorize the use of these accounts by approved personnel, b. Control who can access the
generic/shared accounts and those sensitive actions performed by the accounts are logged and reviewed every time the
accounts are used, and c. Require that generic/shared accounts’ passwords are changed each time approved personnel
separate or transfer from the Department. |
---|---|
Recommendation Number | 2.11 |
Recommendation Status | Open |
Significant Recommendation | Yes |
Submitting OIG | |
---|---|
Linked Report |