STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

If the DataPower Gateway uses discretionary access control, the DataPower Gateway must enforce organization-defined discretionary access control policies over defined subjects and objects.

DISA Rule

SV-79625r1_rule

Vulnerability Number

V-65135

Group Title

SRG-APP-000328-NDM-000286

Rule Version

WSDP-NM-000088

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

As the DataPower administrator, configure the DataPower Gateway to enforce role-based access control policy over defined subjects and objects. In the WebGUI, go to Administration >> Access >> RBM Settings. On the Authentication tab, select the approved authentication server. Enter the information required for an authenticated user to access defined subjects and objects.

Check Contents

Navigate to the DataPower Gateway RBM settings at Administration >> Access >> RBM, Authentication tab using the web interface. Verify that each role is authenticated according to appropriate control policy. If they are not, this is a finding.

Vulnerability Number

V-65135

Documentable

False

Rule Version

WSDP-NM-000088

Severity Override Guidance

Navigate to the DataPower Gateway RBM settings at Administration >> Access >> RBM, Authentication tab using the web interface. Verify that each role is authenticated according to appropriate control policy. If they are not, this is a finding.

Check Content Reference

M

Target Key

2861

Comments