SV-93713r1_rule
V-79007
SRG-APP-000120-AS-000080
BEMS-00-002800
CAT II
10
Configure BEMS to have at least one user in the following Administrator roles: Server primary administrator, auditor.
1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration".
2. Click "Dashboard Administrators".
3. Click "Add Group".
4. In the "Active Directory Security Group" field, type the name of the Microsoft Active Directory security group.
5. Click "Save".
6. Repeat steps 3 to 5 to add additional security groups.
7. For the server primary administrator, the default role of Admin meets the required roles and no additional configuration is needed.
8. For the Auditor role, complete the following steps:
- In active directory, create a domain auditor group and assign personnel designated as auditors to that group.
- Browse to the log repository.
- Right-click on the folder.
- Select "Properties".
- Select the "Security" tab.
- Click "Edit".
- Click "Add".
- Type in name of the user group.
- Confirm that only the necessary groups have rights to the folder (CREATOR OWNER, SYSTEM, Administrators, Auditors).
- Set proper permissions for auditors (Read, List folder contents, Read & Execute).
Verify BEMS has been configured with the following administrator groups/roles, each group/role has required permissions, and at least one user has been assigned to each Administrator group/role: Server primary administrator, auditor.
Procedure for Server Primary Administrator:
1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration".
2. Click "Dashboard Administrators".
3. Confirm the Administrator role for the primary server administrator has been assigned the dashboard role of Admin.
4. Verify in AD at least one member has been assigned to the BEMS administrator group. (Note: Actual group name may be different.)
Procedure for Auditor:
1. Verify in AD an auditor group has been set up with at least one member.
2. Browse to the log repository.
3. Right-click on the folder.
4. Select "Properties".
5. Select the "Security" tab.
6. Confirm the auditor security group is listed.
If required administrator roles have not been set up on BEMS and at least one user has not been assigned to each role, this is a finding.
V-79007
False
BEMS-00-002800
Verify BEMS has been configured with the following administrator groups/roles, each group/role has required permissions, and at least one user has been assigned to each Administrator group/role: Server primary administrator, auditor.
Procedure for Server Primary Administrator:
1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration".
2. Click "Dashboard Administrators".
3. Confirm the Administrator role for the primary server administrator has been assigned the dashboard role of Admin.
4. Verify in AD at least one member has been assigned to the BEMS administrator group. (Note: Actual group name may be different.)
Procedure for Auditor:
1. Verify in AD an auditor group has been set up with at least one member.
2. Browse to the log repository.
3. Right-click on the folder.
4. Select "Properties".
5. Select the "Security" tab.
6. Confirm the auditor security group is listed.
If required administrator roles have not been set up on BEMS and at least one user has not been assigned to each role, this is a finding.
M
3259