Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000014-NDM-000014 | SRG-NET-000014-NDM-000014 | SRG-NET-000014-NDM-000014_rule | | Medium |
Description |
---|
Dynamic privilege management includes immediate (i.e., not requiring users to terminate and restart the session to reflect changes in privileges) revocation or adjustment of privileges and authorizations. If the network device is not configured to dynamically manage account privileges and associated access authorizations to meet security policies, then changes in account privileges or command authorizations may not immediately take effect and unauthorized entities may gain access to the information. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text (C-SRG-NET-000014-NDM-000014_chk) |
---|
Verify privileges and command authorizations are immediately (i.e., not requiring users to terminate and restart the session to reflect changes in privileges) revoked when changed. Test this functionality by making a change to the authorizations or privileges for an account while it is in an open session with the network device application. Verify the change has been implemented without the need for session restart. If changes to account privileges and access authorizations are not dynamically managed, this is a finding. |
Fix Text (F-SRG-NET-000014-NDM-000014_fix) |
---|
Configure the network device to use dynamic privilege management mechanisms to dynamically manage account privileges and associated access authorizations. |
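
The check procedure above, modeled as an added example that is not part of the SRG: one session type copies authorizations at login, the other authorizes each command against the live store, and the check changes the account's privileges while the session stays open. The class names, the `netadmin` account and the command names are hypothetical.

```python
class AuthzStore:
    """Hypothetical central store of per-account command authorizations."""
    def __init__(self):
        self._grants = {}

    def set_commands(self, account, commands):
        self._grants[account] = frozenset(commands)

    def commands_for(self, account):
        return self._grants.get(account, frozenset())


class CachedSession:
    """Non-compliant model: authorizations are copied once at login."""
    def __init__(self, store, account):
        self._allowed = store.commands_for(account)

    def authorize(self, command):
        return command in self._allowed


class DynamicSession:
    """Compliant model: every command is authorized against the live store."""
    def __init__(self, store, account):
        self._store, self._account = store, account

    def authorize(self, command):
        return command in self._store.commands_for(self._account)


def is_finding(session_cls):
    """Open a session, change privileges mid-session, retest without restart."""
    store = AuthzStore()
    store.set_commands("netadmin", {"show", "configure"})   # constructed data
    session = session_cls(store, "netadmin")                # session opened
    assert session.authorize("configure")                   # baseline works

    # Administrator revokes "configure" and grants "reload" while the
    # session is still open; the session is never restarted.
    store.set_commands("netadmin", {"show", "reload"})

    revoked_still_works = session.authorize("configure")
    adjustment_missing = not session.authorize("reload")
    return revoked_still_works or adjustment_missing


if __name__ == "__main__":
    for cls in (CachedSession, DynamicSession):
        print(cls.__name__, "finding" if is_finding(cls) else "not a finding")
```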