Procedures are not in place to restrict access to FEP functions of the service subsystem from operator consoles (local and/or remote), and to restrict access to the diskette drive of the service subsystem.

An XCCDF Rule

Description

<VulnDiscussion>If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>

ID: SV-7196r3_rule
Severity: Medium
References: CCI-000004
Updated: 8 months ago

Ensure that all hardware components of the FEPs are protected as decribed below and supporting documentation procedures exist for each item:

1.     Documents and procedures restricting access to the hardware components of the FEPs.

2.     Documents and procedures restricting access to the functions of the service subsystem from the control panel.
3.     Documents and procedures restricting access to the functions of the service subsystem from the local and/or remote operator consoles (e.g., physical access, password control, key-lock switch of modems, etc.).

4.     Documents and procedures restricting access to the diskette drive of the service subsystem.

Procedures are not in place to restrict access to FEP functions of the service subsystem from operator consoles (local and/or remote), and to restrict access to the diskette drive of the service subsystem.

Description

Remediation - Manual Procedure