The ISSO/IAO does not ensure that administration and maintenance personnel have proper access to the facilities, functions, commands, and calling privileges required to perform their job.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7923 | DSN01.03 | SV-8409r1_rule | ECLP-1 ECSC-1 | Medium |
| Description |
|---|
| Requirement: The IAO will ensure that internal and external administrator/maintenance personnel have appropriate but limited access to the facilities, functions, commands, and calling privileges in accordance with their role as required when performing their job. Privileged access to any system should be controlled. Anyone with privileged access can cause serious system damage that could in turn have detrimental affects on the operational environment. Administration and maintenance personnel should be provided only that privileged access needed to perform their job. |
| STIG | Date |
|---|---|
| Defense Switched Network (DSN) STIG | 2017-01-19 |
Details
| Check Text ( C-7304r1_chk ) |
|---|
| Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable. |
| Fix Text (F-7969r1_fix) |
|---|
| The ISSO/IAO should Implement appropriate processes, local policies, and/or procedures to provide maintenance personnel and SAs with the appropriate access and system privileges needed to properly perform their tasks and responsibilities |