STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

If the network device uses discretionary access control, the network device must enforce organization-defined discretionary access control policies over defined subjects and objects.

DISA Rule

SV-202091r399679_rule

Vulnerability Number

V-202091

Group Title

SRG-APP-000328

Rule Version

SRG-APP-000328-NDM-000286

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Configure the network device to enforce organization-defined discretionary access control policies over defined subjects and objects.

Check Contents

Check the network device to determine if organization-defined discretionary access control policies are enforced over defined subjects and objects. If it does not use discretionary access control, this is not a finding. If organization-defined discretionary access control policies are not enforced over defined subjects and objects, this is a finding.

Vulnerability Number

V-202091

Documentable

False

Rule Version

SRG-APP-000328-NDM-000286

Severity Override Guidance

Check the network device to determine if organization-defined discretionary access control policies are enforced over defined subjects and objects. If it does not use discretionary access control, this is not a finding. If organization-defined discretionary access control policies are not enforced over defined subjects and objects, this is a finding.

Check Content Reference

M

Target Key

2890

Comments