Title

Ax-OS must implement privileged access authorization to all information systems and infrastructure components for selected organization-defined vulnerability scanning activities. (Cat II impact)

Discussion

In certain situations, the nature of the vulnerability scanning may be more intrusive, or the information system component that is the subject of the scanning may contain highly sensitive information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and also protects the sensitive nature of such scanning. The vulnerability scanning application must use privileged access authorization for the scanning account.

Check Content

From the Axonius Toolbox (accessed via Secure Shell [SSH]) Main Actions Menu, select the following options: Compliance Actions >> Advanced Compliance Actions >> Update Tenable Scan Account Permissions Enter the scanning account username. If no scanning account has been set, this is a finding.

Fix Text

From the Axonius Toolbox (accessed via SSH) Main Actions Menu, select the following options: Compliance Actions >> Advanced Compliance Actions >> Add Tenable Scan Account Enter the username.

Additional Identifiers

Rule ID: SV-276015r1122695_rule

Vulnerability ID: V-276015

Group Title: SRG-APP-000414

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.