4.2 Secure SECADM Authority

Information

The SECADM (security administrator) role grants the authority to create, alter (where applicable), and drop roles, trusted contexts, audit policies, security label components, security policies and security labels. It is also the authority required to grant and revoke roles, security labels and exemptions, and the SETSESSIONUSER privilege. SECADM authority has no inherent privilege to access data stored in tables. It is recommended that the SECADM role be granted to authorized users only.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

When implementing this recommendation, review the members of the SECADM authority. That review is addressed in Section 7.5 of this document.

See Also

https://workbench.cisecurity.org/files/162