Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000172-NDM-000131 | SRG-NET-000172-NDM-000131 | SRG-NET-000172-NDM-000131_rule | Medium |
Description |
---|
This requirement addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools include hardware/software diagnostic test equipment and hardware/software packet sniffers. Maintenance tools connecting to a network device may contain malware or insert unauthorized capabilities; therefore, their use must be restricted to authorized personnel. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text ( C-SRG-NET-000172-NDM-000131_chk ) |
---|
Verify the network device restricts the use of maintenance tools to authorized system administrators. If the use of maintenance tools is not restricted to authorized personnel only, this is a finding. |
Fix Text (F-SRG-NET-000172-NDM-000131_fix) |
---|
Configure the network device to restrict access to maintenance tools for the network device to authorized system administrators. |