Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DataPower Gateway must require users to re-authenticate when privilege escalation or role changes occur.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-65163 | WSDP-NM-000108 | SV-79653r1_rule | Medium |
| Description |
|---|
| Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When devices provide the capability to change security roles, it is critical the user re-authenticate. In addition to the re-authentication requirements associated with session locks, organizations may require re-authentication of individuals and/or devices in other situations, including (but not limited to) the following circumstances. (i) When authenticators change; (ii) When roles change; (iii) When security categories of information systems change; (iv) When the execution of privileged functions occurs; (v) After a fixed period of time; or (vi) Periodically. Within the DoD, the minimum circumstances requiring re-authentication are privilege escalation and role changes. |
| STIG | Date |
|---|---|
| IBM DataPower Network Device Management Security Technical Implementation Guide | 2017-10-05 |
Details
| Check Text ( C-65791r1_chk ) |
|---|
| Go to Status >> Main >> Active Users and ensure that the user is not currently logged on. If the user is logged in, it is a finding. |
| Fix Text (F-71103r1_fix) |
|---|
| After making any account privilege changes, administrator must go to Status >> Main >> Active Users and disconnect the user's current session if they are currently logged on. |