System administrators are NOT appropriately cleared.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7982	DSN16.04	SV-8468r1_rule	ECSC-1 PECF-2	Medium

Description
Requirement: The IAO will ensure that all System Administrators are appropriately cleared. In order to maintain positive control over personnel access to DSN system components, all who are provided physical and administrative access to the components must be controlled. Confirmation of those who are authorized access must be confirmed before access is given. If physical and administrative access to systems is not confirmed and controlled, this may result in unauthorized access or compromise.

Description

Requirement: The IAO will ensure that all System Administrators are appropriately cleared. In order to maintain positive control over personnel access to DSN system components, all who are provided physical and administrative access to the components must be controlled. Confirmation of those who are authorized access must be confirmed before access is given. If physical and administrative access to systems is not confirmed and controlled, this may result in unauthorized access or compromise.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7363r1_chk )
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text (F-7513r1_fix)
Obtain a System Authorization Access Request (SAAR) DD Form 2875 for each DRSN user to validate their need-to-know