UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must provide finer-grained allocation of account privileges through the use of separate processing domains.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000036-NDM-000023 SRG-NET-000036-NDM-000023 SRG-NET-000036-NDM-000023_rule Low
Description
Processes must operate at privilege levels no higher than necessary to accomplish the required function or unauthorized access to security functionality may result. Providing separate processing domains for finer-grained allocation of account privileges includes the following examples. (i) Using virtualization techniques to allow additional privileges within a virtual machine while restricting privileges to other virtual machines or to the underlying actual machine; (ii) Employing hardware and/or software domain separation mechanisms; and (iii) Implementing separate physical domains. One method of accomplishing is through use of network device administrator roles. The roles are assigned granular access to the commands needed to perform the given role. The commands for each role are executed in separate processing domains. Domains are separated using one of the methods discussed above.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000036-NDM-000023_chk )
Verify the network device provides separate processing domains for finer-grained allocation of account privileges.

If the network device does not provide separate processing domains for finer-grained allocation of account privileges, this is a finding.
Fix Text (F-SRG-NET-000036-NDM-000023_fix)
Configure the network device to provide finer-grained allocation
of account privileges through the use of separate processing domains.