DSN capability to restrict user access based on duty hours must be used when available.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7940 | DSN06.04 | SV-8426r2_rule | Low |
| Description |
|---|
| User access should be restricted based on duty hours, where technically feasible. The restriction of user access by limiting access to the DSN associated to the users work hours and workweek will mitigate security vulnerabilities if a user account is compromised. If available, technically feasible (i.e., the system is capable of performing the restriction), and implemented, this option provides additional access control to the system. |
| STIG | Date |
|---|---|
| Defense Switched Network (DSN) STIG | 2017-01-19 |
Details
| Check Text ( C-61951r1_chk ) |
|---|
| Review site documentation to confirm DSN capability to restrict user access based on duty hours is available. If the DRSN capability to restrict user access based on duty hours is not used when available, this is a finding. |
| Fix Text (F-7515r2_fix) |
|---|
| Implement the DSN capability to restrict user access based on duty hours when available. If the time of day (TOD) access restriction function is available through the DSN/DRSN system, it should be provisioned to allow user access within a specified window. For example, if a user is assigned to work on a DSN component Monday through Friday 8 am – 5 pm, these are the hours the DSN component will allow that user to gain access. |