Check: SRG-APP-000516-NDM-000335
Network Device Management SRG:
SRG-APP-000516-NDM-000335
(in versions v4 r3 through v2 r7)
Title
The network device must enforce access restrictions associated with changes to the system components. (Cat II impact)
Discussion
Changes to the hardware or software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the network device for implementing any changes or upgrades. This requirement applies to updates of the application files, configuration, ACLs, and policy filters.
Check Content
Check the network device to determine if only authorized administrators have permissions for changes, deletions and updates on the network device. Inspect the maintenance log to verify changes are being made only by the system administrators. If unauthorized users are allowed to change the hardware or software, this is a finding.
Fix Text
Configure the network device to enforce access restrictions associated with changes to the system components.
Additional Identifiers
Rule ID: SV-202131r879887_rule
Vulnerability ID: V-202131
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000345 |
The organization enforces logical access restrictions associated with changes to the information system. |
CCI-000366 |
The organization implements the security configuration settings. |