AIX must turn on enhanced Role-Based Access Control (RBAC) to isolate security functions from nonsecurity functions, to grant system privileges to other operating system admins, and to prohibit user installation of system software without explicit privileged status.
DISA Rule
SV-215404r513948_rule
Vulnerability Number
V-215404
Group Title
SRG-OS-000080-GPOS-00048
Rule Version
AIX7-00-003102
Severity
CAT II
CCI(s)
- CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
- CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.
- CCI-001812 - The information system prohibits user installation of software without explicit privileged status.
- CCI-001084 - The information system isolates security functions from nonsecurity functions.
Weight
10
Fix Recommendation
Enable the enhanced RBAC mode by running the following command:
# chdev -l sys0 -a enhanced_RBAC=true
Reboot the system:
# reboot
Check Contents
Run the following command to retrieve the system RBAC mode:
# lsattr -E -l sys0 -a enhanced_RBAC
enhanced_RBAC true Enhanced RBAC Mode
If the RBAC mode is not "true", this is a finding.
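The check above is a single attribute lookup, so it lends itself to an automated compliance script. The following POSIX shell snippet is an added example, not part of the DISA STIG record: it parses the output of "lsattr -E -l sys0 -a enhanced_RBAC" (passed in as a string so it can be exercised offline) and reports a finding in the rule's own terms whenever the value is anything other than "true". The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the STIG record): evaluate the enhanced_RBAC
# check from captured `lsattr -E -l sys0 -a enhanced_RBAC` output.
# The lsattr text is passed as an argument so the logic runs offline; on a
# live AIX host pass "$(lsattr -E -l sys0 -a enhanced_RBAC)" instead.

# Returns 0 when the enhanced_RBAC value is exactly "true", 1 otherwise.
# Anything else (false, a missing line, empty output) is a finding.
check_enhanced_rbac() {
    # lsattr prints: <attribute> <value> <description> ...
    value=$(printf '%s\n' "$1" | awk '$1 == "enhanced_RBAC" { print $2; exit }')
    [ "$value" = "true" ]
}

# Prints a one-line verdict for a host label and its lsattr output,
# quoting the STIG's fix when the check fails.
report_enhanced_rbac() {
    if check_enhanced_rbac "$2"; then
        printf '%s: enhanced_RBAC=true - not a finding\n' "$1"
    else
        printf '%s: enhanced_RBAC is not "true" - FINDING (fix: chdev -l sys0 -a enhanced_RBAC=true, then reboot)\n' "$1"
    fi
}

# Constructed sample outputs (hypothetical, not captured from real systems).
COMPLIANT_OUTPUT='enhanced_RBAC true Enhanced RBAC Mode'
LEGACY_OUTPUT='enhanced_RBAC false Enhanced RBAC Mode'

report_enhanced_rbac "sample-compliant-host" "$COMPLIANT_OUTPUT"
report_enhanced_rbac "sample-legacy-host" "$LEGACY_OUTPUT"
```

On an AIX host the same function is driven with the live attribute: report_enhanced_rbac "$(hostname)" "$(lsattr -E -l sys0 -a enhanced_RBAC)". Matching the value exactly against "true" rather than merely looking for the word keeps the check from passing on the description text "Enhanced RBAC Mode" when the attribute itself is false.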
Documentable
False
Check Content Reference
M
Target Key
4012
Comments