The network device must limit privileges to change software resident within software libraries, including privileged programs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000123-NDM-000081 | SRG-NET-000123-NDM-000081 | SRG-NET-000123-NDM-000081_rule | Medium |
| Description |
|---|
| Changes to any software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the network device for implementing any changes or upgrades. If the network device were to enable non-authorized users to make changes to software libraries, those changes could be implemented without undergoing testing, validation, and approval. This requirement is not applicable if the underlying OS provides safeguards and countermeasures for the network device software components. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000123-NDM-000081_chk ) |
|---|
| Verify only qualified and authorized individuals have administrative access to the network device for implementing any changes or upgrades. If individuals other than the authorized system administrators are allowed to upgrade or change the software, including ACLs or policy filters, this is a finding. |
| Fix Text (F-SRG-NET-000123-NDM-000081_fix) |
|---|
| Configure a system administrators group with software update and modification privileges. Configure the network device so only members of this group have permission to perform these function. |