STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

AAA Services must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-95657r1_rule

Vulnerability Number

V-80947

Group Title

SRG-APP-000142-AAA-000680

Rule Version

SRG-APP-000142-AAA-000680

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Configure AAA Services to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

Check Contents

Review the AAA Services configuration to ascertain if it prohibits or restricts the use of organization-defined functions, ports, protocols, and/or services. Further determine if the use is as defined in the PPSM CAL and vulnerability assessments.

If AAA Services are not configured in accordance with the PPSM CAL and vulnerability assessments, this is a finding.

Vulnerability Number

V-80947

Documentable

False

Rule Version

SRG-APP-000142-AAA-000680

Severity Override Guidance

Review the AAA Services configuration to ascertain if it prohibits or restricts the use of organization-defined functions, ports, protocols, and/or services. Further determine if the use is as defined in the PPSM CAL and vulnerability assessments.

If AAA Services are not configured in accordance with the PPSM CAL and vulnerability assessments, this is a finding.

Check Content Reference

M

Target Key

3357

Comments