8.5.8.a For a sample of system components, critical servers, and wireless access points, examine user ID lists to verify the following
- Generic User IDs and accounts are disabled or removed
- Shared User IDs for system administration activities and other critical functions do not exist
- Shared and generic User IDs are not used to administer wireless LANs and devices
8.5.8.b Examine password policies/procedures to verify that group and shared passwords are explicitly prohibited
8.5.8.c Interview system administrators to verify that group and shared passwords are not distributed, even if requested