STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must require users to re-authenticate when privilege escalation or role changes occur.

DISA Rule

SV-79653r1_rule

Vulnerability Number

V-65163

Group Title

SRG-APP-000389-NDM-000306

Rule Version

WSDP-NM-000108

Severity

CAT II

CCI(s)

CCI-002038 - The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Weight

Fix Recommendation

After making any account privilege changes, administrator must go to Status >> Main >> Active Users and disconnect the user's current session if they are currently logged on.

Check Contents

Go to Status >> Main >> Active Users and ensure that the user is not currently logged on. If the user is logged in, it is a finding.

Vulnerability Number

V-65163

Documentable

False

Rule Version

WSDP-NM-000108

Severity Override Guidance

Go to Status >> Main >> Active Users and ensure that the user is not currently logged on. If the user is logged in, it is a finding.

Check Content Reference

Target Key

2861

The DataPower Gateway must require users to re-authenticate when privilege escalation or role changes occur.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments