The network device must display an approved system use notification message (or banner) before granting access to the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000041-NDM-000028 | SRG-NET-000041-NDM-000028 | SRG-NET-000041-NDM-000028_rule | Low |
| Description |
|---|
| All network devices must present a DoD-approved warning banner prior to a system administrator logging on. The banner should warn any unauthorized user not to proceed. It also should provide clear and unequivocal notice to both authorized and unauthorized personnel that access to the device is subject to monitoring to detect unauthorized usage. Failure to display the required login warning banner prior to login attempts will limit the ability to prosecute unauthorized access and also presents the potential to give rise to criminal and civil liability for systems administrators and information systems managers. In addition, DISA's ability to monitor the device's usage is limited unless a proper warning banner is displayed. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000041-NDM-000028_chk ) |
|---|
| Configure all network device management interfaces to display an approved system use notification upon user login, regardless of the means of connection or communication. If a warning banner is not displayed prior to allowing user access to the network device, this is a finding. |
| Fix Text (F-SRG-NET-000041-NDM-000028_fix) |
|---|
| Configure the network device management interfaces to display the authorized DoD warning banner text on or before the login page. |