
The IDPS must implement separation of duties through assigned information system access authorizations.


Overview

Finding ID: V-34503
Version: SRG-NET-000034-IDPS-00033
Rule ID: SV-45329r1_rule
IA Controls: (none listed)
Severity: Low
Description
Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. One way to achieve separation of duties within the IDPS implementation is to allow only the IDPS administrator to manage the IDPS platform and associated configuration files, while ensuring that the administrator is not a member of the "auditors" group. Employing a separation of duties model reduces the threat that one individual has both the authority to make changes to a system and the authority to delete any record of those changes. If system administrators are not restricted to their proper privilege levels, access to restricted and advanced functions may be provided to system administrators not authorized or trained to use those functions.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42678r1_chk)
Review the IDPS configuration to verify the system is configured to assign administrator privileges based on assigned duties, with only the permissions required to support their role.
(For example, groups may be defined such as auditors, backup operators, and IDPS administrators.)

If accounts are not assigned privileges based on assigned duties and authorizations, this is a finding.
Fix Text (F-38726r1_fix)
Configure the IDPS to use the separation of duties model and require separate accounts based on the minimum privileges needed to perform the required function.
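
The check above can be scripted against an export of IDPS accounts. The following Python is an added example, not part of the SRG or of any vendor tool; the group names, permission strings, account records and the audit_accounts function are constructed assumptions.

```python
# Hypothetical role model: group and permission names are assumptions,
# not taken from any IDPS product.
ROLE_PERMISSIONS = {
    "idps_admins": {"manage_platform", "edit_config"},
    "auditors": {"read_audit_log", "export_audit_log"},
    "backup_operators": {"run_backup", "restore_backup"},
}

# Groups one account must never hold together: whoever changes the system
# must not also control the record of those changes.
CONFLICTING_GROUPS = [("idps_admins", "auditors")]

# Constructed sample export of IDPS accounts.
SAMPLE_ACCOUNTS = [
    {"name": "alice", "groups": ["idps_admins"],
     "permissions": ["manage_platform", "edit_config"]},
    {"name": "bob", "groups": ["auditors"], "permissions": ["read_audit_log"]},
    {"name": "carol", "groups": ["idps_admins", "auditors"],
     "permissions": ["edit_config", "read_audit_log"]},
    {"name": "dave", "groups": ["backup_operators"],
     "permissions": ["run_backup", "edit_config"]},
    {"name": "svc_old", "groups": [], "permissions": ["edit_config"]},
]


def audit_accounts(accounts):
    """Return (account, reason) findings for separation-of-duties violations."""
    findings = []
    for acct in accounts:
        groups = set(acct["groups"])
        # Groups outside the defined role model cannot be mapped to a duty.
        for g in sorted(groups - set(ROLE_PERMISSIONS)):
            findings.append((acct["name"], f"unrecognised group: {g}"))
        # One account holding two mutually exclusive duties.
        for a, b in CONFLICTING_GROUPS:
            if a in groups and b in groups:
                findings.append((acct["name"], f"conflicting groups: {a} + {b}"))
        # Permissions that no assigned role grants (more than minimum privilege).
        allowed = set().union(*(ROLE_PERMISSIONS.get(g, set()) for g in groups))
        excess = set(acct["permissions"]) - allowed
        if excess:
            findings.append((acct["name"],
                             "permissions beyond assigned role: " + ", ".join(sorted(excess))))
    return findings


if __name__ == "__main__":
    for name, reason in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"FINDING {name}: {reason}")
```

An empty result corresponds to "not a finding" under the check text; any returned entry identifies an account to correct under the fix text.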