The network device must use automated mechanisms to restrict the use of maintenance tools to authorized personnel only.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000172-NDM-000131	SRG-NET-000172-NDM-000131	SRG-NET-000172-NDM-000131_rule		Medium

Description
This requirement addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools include hardware/software diagnostic test equipment and hardware/software packet sniffers. Maintenance tools connecting to a network device may contain malware or insert unauthorized capabilities; therefore, their use must be restricted to authorized personnel.

Description

This requirement addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools include hardware/software diagnostic test equipment and hardware/software packet sniffers. Maintenance tools connecting to a network device may contain malware or insert unauthorized capabilities; therefore, their use must be restricted to authorized personnel.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000172-NDM-000131_chk )
Verify the network device restricts the use of maintenance tools to authorized system administrators. If the use of maintenance tools is not restricted to authorized personnel only, this is a finding.

Fix Text (F-SRG-NET-000172-NDM-000131_fix)
Configure the network device to restrict access to maintenance tools for the network device to authorized system administrators.