UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must audit the use of privileged accounts when accessing configuration and operational commands enabled for non-privileged accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000035-IDPS-000056 SRG-NET-000035-IDPS-000056 SRG-NET-000035-IDPS-000056_rule Low
Description
The IDPS implementation may include tools and applications which are valuable for some network users. By default, non-privileged users cannot access or execute these commands. However, the organization may decide that certain managers or individuals with special roles should be given access (e.g., reporting and analysis tools for the audit group). Changes to the configuration of commands which are limited to privileged users must be captured in the audit log. Monitoring account usage will increase visibility thus reducing the risk of exploitation of privileged accounts by unauthorized persons. Audit logs provide information for use in diagnostic and forensic investigation.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43184_chk )
Verify changes that directly alter the permissions or configuration options for privileged commands cause an event update to the audit log.

If changes to the permissions or configuration options for privileged commands cause an event update to the audit log are not tracked in the management console audit log, this is a finding.
Fix Text (F-43184_fix)
Configure the audit module, so changes to the permissions or configuration options for privileged commands cause an event update to the audit log.