The network element must enforce dual authorization based on organizational policies and procedures for organizationally defined privileged commands.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000016-FW-NA | SRG-NET-000016-FW-NA | SRG-NET-000016-FW-NA_rule | Medium |
| Description |
|---|
| Dual authorization mechanisms require two forms of approval to execute. An organization may determine certain commands or network element configuration changes require dual authorization before being activated. However, an organization should not employ dual authorization mechanisms when an immediate response is necessary to ensure public and environmental safety. If dual authorization is not automatically enforced by the system, system administrators would be able to change the system configuration without oversight from a second administrator when required by the site security policy. Dual authorization is not a function provided by the firewall. If this function is needed based on mission requirements, implement AAA services to provide account management functionality. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000016-FW-NA_chk ) |
|---|
| This requirement is NA for firewall. No fix required. |
| Fix Text (F-SRG-NET-000016-FW-NA_fix) |
|---|
| This requirement is NA for firewall. No fix required. |