800-53|AC-2(7)

Title

ROLE-BASED SCHEMES

Description

The organization:

Supplemental

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.1 - Roles, Applications, and Authentication - Review custom roles	Netapp_API	NetApp Security Hardening Guide for ONTAP 9 v1.7.0
4.04 init.ora - 'remote_os_roles = FALSE'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
4.04 init.ora - 'remote_os_roles = FALSE'	Unix	CIS v1.1.0 Oracle 11g OS L1
4.08 init.ora - 'os_roles = FALSE'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
4.08 init.ora - 'os_roles = FALSE'	Unix	CIS v1.1.0 Oracle 11g OS L1
ARST-ND-000350 - The Arista network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - serial	Cisco	DISA STIG Cisco ASA NDM v2r1
CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - ssh	Cisco	DISA STIG Cisco ASA NDM v2r1
CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - username	Cisco	DISA STIG Cisco ASA NDM v2r1
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS-XR Router NDM v3r1
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS Router NDM v3r1
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS XE Router NDM v3r1
CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco NX-OS Switch NDM v3r1
CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS XE Switch NDM v3r1
CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS Switch NDM v3r1
Citrix ADC - System Parameters - Local Authentication	Citrix_Application_Delivery	Tenable Best Practice Citrix ADC v1.0.0
FGFW-ND-000030 - The FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable.	FortiGate	DISA Fortigate Firewall NDM STIG v1r4
JUEX-NM-000240 - The Juniper EX switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Juniper	DISA Juniper EX Series Network Device Management v2r1
JUNI-ND-000490 - The Juniper router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Juniper	DISA STIG Juniper Router NDM v3r1
SYMP-NM-000010 - Symantec ProxySG must be configured with only one local account that is used as the account of last resort.	BlueCoat	DISA Symantec ProxySG Benchmark NDM v1r2

Detections

Analytics