UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must enforce a two-person rule for changes to organization-defined information system components and system-level information.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-000091-NA SRG-OS-000091-NA SRG-OS-000091-NA_rule Medium
Description
Regarding access restrictions for changes made to organization-defined information system components and system level information. Any changes to the hardware, software, and/or firmware components of the operating system can potentially have significant effects on the overall security of the system. Accordingly, only qualified and authorized individuals are allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications. A two person rule requires two separate individuals acknowledge and approve those changes. Two person rule for changes to critical operating system components helps to reduce risks pertaining to availability and integrity.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2013-02-05

Details

Check Text ( C-SRG-OS-000091-NA_chk )
RHEL6 cannot support this requirement without assistance from an external application, policy, or service. This requirement is NA.
Fix Text (F-SRG-OS-000091-NA_fix)
This requirement is NA. No fix is required.