STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017: STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:SV-79471r1_rule
V-64981
SRG-APP-000033-NDM-000212
WSDP-NM-000013
CAT II
10
Create the appropriate User Group(s) using the "RBM Builder": Privileged account user log on to default domain >> Administration >> Access >> User Group >> Click the "Add" button >> Define the policy >> Click "Add" >> Click “Apply”.
Add users' accounts to LDAP groups with the same names as those defined with the RBM Builder, in the remote Authentication/Authorization server (LDAP). Note: This takes place outside the context of the IBM DataPower Gateway. Specific instructions will depend on the LDAP server being used.
Configure Role-Based Management to make use of LDAP Group information during logon to map users to local group definitions.
Administration >> Access >> User Group >> Click the group to be confirmed >> Confirm that the access profiles are configured appropriately for the desired security policy. If the group profile(s) is/are not present, this is a finding
Privileged account user log on to default domain >> Administration >> Access >> RBM Settings >> Click "Credential Mapping" >> If Credential-mapping method is not "Local user group" or "Search LDAP for group name" is off, this is a finding.
V-64981
False
WSDP-NM-000013
Administration >> Access >> User Group >> Click the group to be confirmed >> Confirm that the access profiles are configured appropriately for the desired security policy. If the group profile(s) is/are not present, this is a finding
Privileged account user log on to default domain >> Administration >> Access >> RBM Settings >> Click "Credential Mapping" >> If Credential-mapping method is not "Local user group" or "Search LDAP for group name" is off, this is a finding.
M
2861