Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000016-IDPS-000035 | SRG-NET-000016-IDPS-000035 | SRG-NET-000016-IDPS-000035_rule | Medium |
Description |
---|
Dual authorization mechanisms require two forms of approval to execute. An organization may determine certain commands or IDPS configuration changes require dual-authorization before being activated. However, an organization should not employ dual authorization mechanisms when an immediate response is necessary to ensure public and environmental safety. If dual authorization is not automatically enforced by the system, system administrators would be able to change the system configuration without oversight from a second administrator when required by the site security policy. If dual authorization is a requirement for the site, this control applies to the IDPS sensor logs and other files. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text ( C-43153_chk ) |
---|
Inspect the management console configuration. Verify the settings enabling dual authorization are configured. Verify these settings cannot be disabled without dual authorization. If the IDPS settings to enable dual authorization are not enabled, this is a finding. |
Fix Text (F-43153_fix) |
---|
Enable IDPS settings to require dual authorization for organizationally defined privileged commands. |