STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive).

DISA Rule

SV-202078r397744_rule

Vulnerability Number

V-202078

Group Title

SRG-APP-000231

Rule Version

SRG-APP-000231-NDM-000271

Severity

CAT I

CCI(s)

• CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

10

Fix Recommendation

Set the file permissions on files on the network device or on removable media used by the device so that only authorized administrators can read or change their contents.

Check Contents

List the contents of the network device’s local storage, including any drives supporting removable media (such as flash drives or CDs) and check the file permissions of all files on those drives. If any files allow read or write access by accounts not specifically authorized access or by non-privileged accounts, this is a finding.

Vulnerability Number

V-202078

Documentable

False

Rule Version

SRG-APP-000231-NDM-000271

Severity Override Guidance

List the contents of the network device’s local storage, including any drives supporting removable media (such as flash drives or CDs) and check the file permissions of all files on those drives. If any files allow read or write access by accounts not specifically authorized access or by non-privileged accounts, this is a finding.

Check Content Reference

M

Target Key

2890

Comments