SV-223202r513295_rule
V-223202
SRG-APP-000378-NDM-000302
JUSX-DM-000077
CAT II
10
Configure the Juniper SRX to allow only the ISSM user account (or administrators/roles appointed by the ISSM) to select which auditable events are to be audited. To ensure this is the case, each ISSM-appointed role on the AAA must be configured for least privilege using the following stanzas for each role.
[edit]
show system login
Use the delete command, or retype the permissions statement, to remove the "maintenance" permission (which grants "request system software add") from any class that is not authorized to upgrade software on the device. An explicit deny-commands entry for "request system software add" can also be used if some maintenance commands must remain permitted for that class.
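An added example of the least-privilege login class stanzas (not part of the STIG text; the class and user names ISSM-ADMIN, NETOPS, NETOPS-MAINT, issm-admin and netops1 are assumptions), in Junos set syntax:

```junos
# Added example, not STIG text. Class and user names are assumed.
# Class reserved for the ISSM (or ISSM-appointed administrators).
# "maintenance" is the permission that allows "request system software add".
set system login class ISSM-ADMIN permissions [ admin-control configure maintenance security-control system-control view view-configuration ]

# Operations class without "maintenance": it cannot install or upgrade software.
set system login class NETOPS permissions [ clear network trace view view-configuration ]

# Where some maintenance commands must remain available, keep the permission
# but explicitly deny the software-install command (deny-commands takes a regex
# and overrides the permissions flags).
set system login class NETOPS-MAINT permissions [ maintenance view view-configuration ]
set system login class NETOPS-MAINT deny-commands "request system software add"

# Bind users to their classes (authentication is configured separately).
set system login user issm-admin class ISSM-ADMIN
set system login user netops1 class NETOPS

# Verification from [edit]: list every class and the permissions it grants.
show system login
```

Any class in the output that carries "maintenance" without a matching deny-commands entry, and that is not an ISSM-appointed role, is the condition the check text below flags as a finding.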
To verify role-based access control has been configured, view the settings for each login class defined.
[edit]
show system login
View all login classes to see which roles are assigned the "Maintenance" or "request system software add" permissions.
If login classes for user roles that are not authorized to install and update software are configured, this is a finding.
V-223202
False
JUSX-DM-000077
M
4098