STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

If the DataPower Gateway uses role-based access control, the DataPower Gateway must enforce role-based access control policies over defined subjects and objects.

DISA Rule

SV-79627r1_rule

Vulnerability Number

V-65137

Group Title

SRG-APP-000329-NDM-000287

Rule Version

WSDP-NM-000089

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002169 - The information system enforces a role-based access control policy over defined subjects and objects.

Weight

10

Fix Recommendation

As the DataPower administrator, configure the DataPower Gateway to enforce role-based access control policy over defined subjects and objects. In the WebGUI, go to Administration >> Access >> RBM Settings. On the Authentication tab, select the approved authentication server. Enter the information required for an authenticated user to access defined subjects and objects.

Check Contents

Navigate to the DataPower Gateway RBM settings at Administration >> Access >> RBM, Authentication tab using the web interface. Verify that each role is authenticated according to appropriate control policy. If they are not, this is a finding.

Vulnerability Number

V-65137

Documentable

False

Rule Version

WSDP-NM-000089

Severity Override Guidance

Navigate to the DataPower Gateway RBM settings at Administration >> Access >> RBM, Authentication tab using the web interface. Verify that each role is authenticated according to appropriate control policy. If they are not, this is a finding.

Check Content Reference

M

Target Key

2861

Comments