800-53|AC-2(7)

Title

ROLE-BASED SCHEMES

Description

The organization:

Supplemental

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. These privileged roles include, for example, key management, account management, network and system administration, database administration, and web administration.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.1 - Roles, Applications, and Authentication - Review custom roles	Netapp_API	NetApp Security Hardening Guide for ONTAP 9 v1.7.0
4.04 init.ora - 'remote_os_roles = FALSE'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
4.04 init.ora - 'remote_os_roles = FALSE'	Unix	CIS v1.1.0 Oracle 11g OS L1
4.08 init.ora - 'os_roles = FALSE'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
4.08 init.ora - 'os_roles = FALSE'	Unix	CIS v1.1.0 Oracle 11g OS L1
ARST-ND-000350 - The Arista network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v1r1
CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - serial	Cisco	DISA STIG Cisco ASA NDM v1r6
CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - ssh	Cisco	DISA STIG Cisco ASA NDM v1r6
CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - username	Cisco	DISA STIG Cisco ASA NDM v1r6
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS Router NDM v2r8
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS-XR Router NDM v2r5
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS XE Router NDM v2r9
CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS XE Switch NDM v2r8
CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r7
CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Cisco	DISA STIG Cisco IOS Switch NDM v2r8
Citrix ADC - System Parameters - Local Authentication	Citrix_Application_Delivery	Tenable Best Practice Citrix ADC v1.0.0
DO0240-ORACLE11 - The Oracle OS_ROLES parameter should be set to FALSE - 'os_roles = false'	OracleDB	DISA STIG Oracle 11 Instance v9r1 Database
DO3539-ORACLE11 - The Oracle REMOTE_OS_ROLES parameter should be set to FALSE - 'remote_os_roles = false'	OracleDB	DISA STIG Oracle 11 Instance v9r1 Database
FGFW-ND-000030 - The FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable.	FortiGate	DISA Fortigate Firewall NDM STIG v1r4
JUEX-NM-000240 - The Juniper EX switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.	Juniper	DISA Juniper EX Series Network Device Management v1r4
JUNI-ND-000490 - The Juniper router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable	Juniper	DISA STIG Juniper Router NDM v2r3
SYMP-NM-000010 - Symantec ProxySG must be configured with only one local account that is used as the account of last resort.	BlueCoat	DISA Symantec ProxySG Benchmark NDM v1r2

Detections

Analytics