The IDPS must implement nondiscretionary access control policies over users and resources.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000017-IDPS-000036	SRG-NET-000017-IDPS-000036	SRG-NET-000017-IDPS-000036_rule		Low

Description
When nondiscretionary access control mechanisms are implemented, security labels are assigned to securable objects and users are granted access to the objects only if their level of access matches that required by the security label. Types of nondiscretionary access control includes Attribute-Based Access Control, Mandatory Access Control, and Originator Controlled Access Control. Without these security policies, security labels on restricted objects stored on the IDPS may be accessed or changed by unauthorized users.

Description

When nondiscretionary access control mechanisms are implemented, security labels are assigned to securable objects and users are granted access to the objects only if their level of access matches that required by the security label. Types of nondiscretionary access control includes Attribute-Based Access Control, Mandatory Access Control, and Originator Controlled Access Control. Without these security policies, security labels on restricted objects stored on the IDPS may be accessed or changed by unauthorized users.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43154_chk )
Verify the management console is configured to implement access control by assigning rights and permissions to users and resources. If the IPS is not configured with rights and permissions for users and resources, this is a finding.

Fix Text (F-43154_fix)
Configure the IDPS components using nondiscretionary access control as required by organizationally defined policies.