Skip to content
ATO Pathways
  Log In

The ICS must be configured to prevent nonprivileged users from executing privileged functions.

An XCCDF Rule

Description

<VulnDiscussion>Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Privileged functions include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Nonprivileged users are individuals that do not possess appropriate authorizations. Satisfies: SRG-APP-000340-NDM-000288, SRG-APP-000380-NDM-000304, SRG-APP-000378-NDM-000302, SRG-APP-000133-NDM-000244, SRG-APP-000123-NDM-000240, SRG-APP-000121-NDM-000238, SRG-APP-000231-NDM-000271, SRG-APP-000408-NDM-000314, SRG-APP-000329-NDM-000287, SRG-APP-000153-NDM-000249, SRG-APP-000119-NDM-000236, SRG-APP-000120-NDM-000237, SRG-APP-000033-NDM-000212, SRG-APP-000516-NDM-000335, SRG-APP-000516-NDM-000336, SRG-APP-000177-NDM-000263, SRG-APP-000080-NDM-000220</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-258600r997506_rule
Severity
High
References
Updated



Remediation - Manual Procedure

Configure Realms and Roles as needed to meet mission requirements.

Note: The ".Administrators" role is a default role name, other administrator role names can be used. Groups must be used, separate usernames or an allow-all username of * is not acceptable.

In the ICS Web UI, navigate to Administrators >> Admin Realms >> Admin Realms.
1. Click the admin realm that is currently being used on the ICS for administrator logins. By default, it is "Admin Users".