Check: DSN01.03
Defense Switched Network (DSN) STIG:
DSN01.03
(in versions v2 r8 through v2 r7)
Title
The ISSO/IAO does not ensure that administration and maintenance personnel have proper access to the facilities, functions, commands, and calling privileges required to perform their job. (Cat II impact)
Discussion
Requirement: The IAO will ensure that internal and external administrator/maintenance personnel have appropriate but limited access to the facilities, functions, commands, and calling privileges in accordance with their role as required when performing their job. Privileged access to any system should be controlled. Anyone with privileged access can cause serious system damage that could in turn have detrimental affects on the operational environment. Administration and maintenance personnel should be provided only that privileged access needed to perform their job.
Check Content
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.
Fix Text
The ISSO/IAO should Implement appropriate processes, local policies, and/or procedures to provide maintenance personnel and SAs with the appropriate access and system privileges needed to properly perform their tasks and responsibilities
Additional Identifiers
Rule ID: SV-8409r1_rule
Vulnerability ID: V-7923
Group Title: Inadequate clearance / access to perform duties
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |