UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must be configured to dynamically manage administrative privileges and associated command authorizations.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000014-NDM-000014 SRG-NET-000014-NDM-000014 SRG-NET-000014-NDM-000014_rule Medium
Description
Dynamic privilege management includes immediate (i.e., not requiring users to terminate and restart the session to reflect changes in privileges) revocation or adjustment of privileges and authorizations. If the network device is not configured to dynamically manage account privileges and associated access authorizations to meet security policies, then changes in account privileges or command authorizations may not immediately take effect and unauthorized entities may gain access to the information.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000014-NDM-000014_chk )
Verify privileges and command authorizations are immediately (i.e., not requiring users to terminate and restart the session to reflect changes in privileges) revoked when changed.
Test this functionality by making a change to the authorizations or privileges for an account while it is in an open session with the network device application.
Verify the change has been implemented without the need for session restart.

If changes to account privileges and access authorizations are not dynamically managed, this is a finding.
Fix Text (F-SRG-NET-000014-NDM-000014_fix)
Configure the network device to use dynamic privilege management mechanisms to dynamically manage account privileges and associated access authorizations.