System administrative and maintenance users are assigned accounts with privileges that are not commensurate with their assigned responsibilities.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-8558	DSN06.05	SV-9055r1_rule	ECLP-1 ECSC-1	Medium

Description
Requirement: The IAO will ensure that all systems and devices employ a role-based Discretionary Access Control system used to control access to OAM&P / NM systems, the devices they manage, and their command classes for administrative and maintenance users commensurate with their assigned responsibilities. To ensure system security, all assigned administrator and maintenance user account privileges must be limited to perform their specific function. Furthermore, super user access is to be held to a minimum and assigned to only those most knowledgeable of the system.

Description

Requirement: The IAO will ensure that all systems and devices employ a role-based Discretionary Access Control system used to control access to OAM&P / NM systems, the devices they manage, and their command classes for administrative and maintenance users commensurate with their assigned responsibilities. To ensure system security, all assigned administrator and maintenance user account privileges must be limited to perform their specific function. Furthermore, super user access is to be held to a minimum and assigned to only those most knowledgeable of the system.

STIG	Date
Defense Switched Network (DSN) STIG	2015-06-30

Details

Check Text ( C-7372r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.

Fix Text (F-7968r1_fix)
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.