Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The network element must have all user accounts assigned to the lowest privilege level that allows each administrator to perform his or her duties.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3057 | NET0465 | SV-3057r2_rule | ECSC-1 | Medium |
| Description |
|---|
| By not restricting administrators and operations personnel to their proper privilege levels, access to restricted functions may be allowed before they are trained or experienced enough to use those functions. Network disruptions or outages could be caused by mistakes made by inexperienced administrators. |
| STIG | Date |
|---|---|
| WLAN Controller Security Technical Implementation Guide (STIG) | 2013-03-14 |
Details
| Check Text ( C-3504r3_chk ) |
|---|
| Review the accounts that have been defined locally on the network element and determine if the accounts have the lowest privilege level. User accounts must be set to a specific privilege level which can be mapped to specific commands or group of commands. Not all administrators should have the highest level unless they all perform all configuration tasks. |
| Fix Text (F-3082r3_fix) |
|---|
| Configure accounts with the least privilege rule. Each user will have access to only the privileges they require to perform their respective duties. Access to the highest privilege levels should be restricted to a few users. |