UCF STIG Viewer Logo

Site staff does not verify and record the identity of individuals installing or modifying a device or software.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7983 DSN17.01 SV-8469r1_rule ECSC-1 PECF-1 Medium
Description
Requirement: The IAO will ensure that site staff will verify and record the identity of individuals installing or modifying a device or software. The identity of individuals performing software load upgrades or maintenance of a DSN component must be recorded. This will make a particular person or vendor representative accountable for all actions performed, giving the ISSO/IAO and site personnel the means to investigate all activity.One means of maintaining such records, is to obtain a DD2875 from all individuals this type of work.
STIG Date
Defense Switched Network STIG 2015-01-02

Details

Check Text ( C-7650r1_chk )
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable.
Fix Text (F-7513r1_fix)
Obtain a System Authorization Access Request (SAAR) DD Form 2875 for each DRSN user to validate their need-to-know