UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must provide the capability for a privileged administrator to configure the organizationally defined security policy filters to support different security policies.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000022-NDM-000021 SRG-NET-000022-NDM-000021 SRG-NET-000022-NDM-000021_rule Medium
Description
The network device must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. Authorization of user accounts is usually performed using the authentication server; however, on some network devices, this is done on the device itself, regardless of where the account resides. The access control configuration must provide the capability to assign network device administrators to tiered groups containing required privilege levels. If system administrators cannot be configured with different security policy filters, then need-to-know cannot be enforced.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000022-NDM-000021_chk )
Verify the network device provides the system administrators the ability to configure security policy filters (e.g., creating groups with different authorizations and privileges).
Verify the system has the capability to assign security levels to groups and individual users as needed.

If the network device does not provide the capability to configure security policy filters, this is a finding.
Fix Text (F-SRG-NET-000022-NDM-000021_fix)
Create security policy filters by creating security groups or use pre-existing groups.
Assign privileges to each group based on varying need-for-access.
Assign system administrators as group members to each group based on level of access required.