The organization must employ automated mechanisms to restrict the use of maintenance tools to authorized personnel only.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26945	SRG-APP-NA	SV-34227r1_rule		Medium

Description
The intent of this control is to address the security-related issues arising from the software brought into the information system specifically for diagnostic and repair actions (e.g., a software packet sniffer introduced for the purpose of a particular maintenance activity). This is an organizational requirement to utilize automated mechanisms in order to prevent maintenance tools from being utilized by unauthorized personnel. This requirement does not address application characteristics and does not apply.

Description

The intent of this control is to address the security-related issues arising from the software brought into the information system specifically for diagnostic and repair actions (e.g., a software packet sniffer introduced for the purpose of a particular maintenance activity). This is an organizational requirement to utilize automated mechanisms in order to prevent maintenance tools from being utilized by unauthorized personnel. This requirement does not address application characteristics and does not apply.

STIG	Date
Application Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None