STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

The application must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

DISA Rule

SV-77485r1_rule

Vulnerability Number

V-62995

Group Title

SRG-APP-000267-NDM-000273

Rule Version

RICX-DM-000145

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

Navigate to the device Management Console
Navigate to Configure >> Security >> User Permissions

Select the user name that needs to have modified permissions
Set the control "Basic Diagnostics" according to the authorization level of the user

Click "Apply"
Navigate to the top of the web page and click "Save" to write changes to memory

Check Contents

Verify that RiOS is configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

Navigate to the device Management Console
Navigate to Configure >> Security >> User Permissions

Select the view icon next to each user name
Verify that the Control "Basic Diagnostics" is set according to the authorization level of the user

If the control "Basic Diagnostics" is not set according to the authorization level of the user, this is a finding.

Vulnerability Number

V-62995

Documentable

False

Rule Version

RICX-DM-000145

Severity Override Guidance

Verify that RiOS is configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

Navigate to the device Management Console
Navigate to Configure >> Security >> User Permissions

Select the view icon next to each user name
Verify that the Control "Basic Diagnostics" is set according to the authorization level of the user

If the control "Basic Diagnostics" is not set according to the authorization level of the user, this is a finding.

Check Content Reference

M

Target Key

2931

Comments