Redis Enterprise DBMS must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251222 | RD6X-00-008600 | SV-251222r960969_rule | CCI-000764 | medium |
| Description | ||||
| Redis Enterprise allows the user to configure unique users per role. Review roles and ensure roles use unique organizational principles per user to the database. Redis does come with a default user for backwards compatibility. This user may be disabled. | ||||
| STIG | Date | |||
| Redis Enterprise 6.x Security Technical Implementation Guide | 2024-09-04 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-2
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.5.1
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.2
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000764
1.00
- DISA · V2R2 · disa_xccdf · related
Details
Check Text (C-251222r960969_chk)
To audit this configuration:
1. Log in to Redis Enterprise Administrative Control Plane.
2. Go to databases tab.
3. Select the desired database and then the configuration subtab.
4. Verify that Default database access is enabled.
If it is enabled, this is a finding.
Fix Text (F-54611r804855_fix)
To fix this issue perform the following actions:
To audit this configuration:
1. Log in to Redis Enterprise Administrative Control Plane.
2. Go to databases tab.
3. Select each database and review the configuration by selecting edit.
4. Deselect the default database access tab.
This configuration will break applications designed for use with Redis 5 prior to ACLs.