The network device must dynamically manage identifiers, attributes, and associated access authorizations.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000152-NDM-000109	SRG-NET-000152-NDM-000109	SRG-NET-000152-NDM-000109_rule		Medium

Description
This control addresses dynamic management of account identifiers. Identifiers identify an individual, group, role, or device. Common device identifiers include, but are not limited to, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. User identifiers are the names of the information system accounts associated with specific individuals. Dynamic establishment of new identifiers and their associated authorizations will occur while the system is operational. New identifiers or changes to existing identifiers must take effect without the need for a system or session restart. Pre-established trust relationships and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate each identifier are essential to prevent unauthorized access by changed or revoked accounts. Dynamic functionality also prevents disruption of operations by minimizing the need for system restarts.

Description

This control addresses dynamic management of account identifiers. Identifiers identify an individual, group, role, or device. Common device identifiers include, but are not limited to, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. User identifiers are the names of the information system accounts associated with specific individuals. Dynamic establishment of new identifiers and their associated authorizations will occur while the system is operational. New identifiers or changes to existing identifiers must take effect without the need for a system or session restart. Pre-established trust relationships and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate each identifier are essential to prevent unauthorized access by changed or revoked accounts. Dynamic functionality also prevents disruption of operations by minimizing the need for system restarts.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000152-NDM-000109_chk )
Verify the network device dynamically manages identifiers, attributes, and access authorizations. If the network device does not dynamically manage identifiers, attributes, and associated access authorizations, this is a finding.

Fix Text (F-SRG-NET-000152-NDM-000109_fix)
Configure the network device to dynamically manage identifiers, attributes, and associated access authorizations.