Detections
Analytics
PANW-NM-000075 - Administrators in the role of Security Administrator, Cryptographic Administrator, or Audit Administrator must not also have the role of Audit Administrator.
Information
The Palo Alto Networks security platform has both pre-configured and configurable Administrator roles. Administrator roles determine the functions that the administrator is permitted to perform after logging in. Roles can be assigned directly to an administrator account, or define role profiles, which specify detailed privileges, and assign those to administrator accounts.There are three preconfigured roles designed to comply with Common Criteria requirements - Security Administrator, Audit Administrator, and Cryptographic Administrator. Of the three, only the Audit Administrator can delete audit records. The Palo Alto Networks security platform can use both pre-configured and configurable Administrator roles.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Do not assign or configure more than one account to the same Administrator. Also, neither the Security Administrator nor the Cryptographic Administrator can be have the role of Audit Administrator.Note that the system allows each account to have only one role assigned. However, individuals, either accidentally or intentionally, may have more than one account.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PAN_Y25M04_STIG.zip
Item Details
Audit Name: DISA Palo Alto Networks NDM STIG v3r3
Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
References: 800-53|CM-6b., 800-53|SI-11b., CAT|II, CCI|CCI-000366, CCI|CCI-001314, Rule-ID|SV-228659r961863_rule, STIG-ID|PANW-NM-000075, STIG-Legacy|SV-77235, STIG-Legacy|V-62745, Vuln-ID|V-228659
Plugin: Palo_Alto
Control ID: 7a823530cf273cc540a342afeddab80d9470c613c3d9df92efa6c76798f5813f