UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DSN capability to restrict user access based on duty hours must be used when available.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7940 DSN06.04 SV-8426r2_rule ECLO-1 ECSC-1 Low
Description
User access should be restricted based on duty hours, where technically feasible. The restriction of user access by limiting access to the DSN associated to the users work hours and workweek will mitigate security vulnerabilities if a user account is compromised. If available, technically feasible (i.e., the system is capable of performing the restriction), and implemented, this option provides additional access control to the system.
STIG Date
Defense Switched Network (DSN) STIG 2015-08-11

Details

Check Text ( C-61951r1_chk )
Review site documentation to confirm DSN capability to restrict user access based on duty hours is available. If the DRSN capability to restrict user access based on duty hours is not used when available, this is a finding.
Fix Text (F-7515r2_fix)
Implement the DSN capability to restrict user access based on duty hours when available. If the time of day (TOD) access restriction function is available through the DSN/DRSN system, it should be provisioned to allow user access within a specified window. For example, if a user is assigned to work on a DSN component Monday through Friday 8 am – 5 pm, these are the hours the DSN component will allow that user to gain access.