UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must implement separation of duties through assigned information system access authorizations.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000034-NDM-000022 SRG-NET-000034-NDM-000022 SRG-NET-000034-NDM-000022_rule Low
Description
Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. An example of separation of duties within the network device is to allow only the network device administrator to manage the network device platform and associated configuration files, yet not be a member of the "auditors" group. Employing a separation of duties model reduces the threat of one individual having the authority to make changes to a system, and the authority to delete any record of those changes. By not restricting system administrators to their proper privilege levels, access to restricted and advanced functions may be provided to system administrators not authorized or trained to use those functions. For example, groups may be defined such as auditors, backup operators, and network device administrators. Access authorizations may also be associated with individual operational commands.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000034-NDM-000022_chk )
Review the network device configuration to verify the system is configured to assign administrator privileges based on assigned duties, with only the permissions required to support their role.


If accounts are not assigned privileges based on assigned duties and authorizations, this is a finding.
Fix Text (F-SRG-NET-000034-NDM-000022_fix)
Configure the network device to use the separation of duties model and require separate accounts based on the minimum privileges needed to perform the required function.