STIGhub
STIGs
RMF Controls
Compare
← CM-5 — Access Restrictions for Change
CCI-000345
Definition
Enforce logical access restrictions associated with changes to the system.
Parent Control
CM-5
Access Restrictions for Change
Configuration Management
Linked STIG Checks (20)
V-222626
CAT II
The designer must ensure the application does not store configuration and control files in the same directory as user data.
Application Security and Development Security Technical Implementation Guide
V-242632
CAT II
The Cisco ISE must enforce access restrictions associated with changes to the firmware, OS, and hardware components.
Cisco ISE NDM Security Technical Implementation Guide
V-269801
CAT II
The Dell OS10 Switch must enforce access restrictions associated with changes to the system components.
Dell OS10 Switch NDM Security Technical Implementation Guide
V-255631
CAT II
CounterACT must enforce access restrictions associated with changes to the system components.
ForeScout CounterACT NDM Security Technical Implementation Guide
V-230951
CAT II
Forescout must enforce access restrictions associated with changes to the firmware, OS, USB port, and console port.
Forescout Network Device Management Security Technical Implementation Guide
V-234191
CAT II
The FortiGate device must enforce access restrictions associated with changes to the system components.
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
V-217480
CAT II
The HP FlexFabric Switch must enforce access restrictions associated with changes to the system components.
HP FlexFabric Switch NDM Security Technical Implementation Guide
V-258600
CAT I
The ICS must be configured to prevent nonprivileged users from executing privileged functions.
Ivanti Connect Secure NDM Security Technical Implementation Guide
V-251003
CAT III
MobileIron Sentry must enforce access restrictions associated with changes to the system components.
Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide
V-251003
CAT III
Sentry must enforce access restrictions associated with changes to the system components.
Ivanti Sentry 9.x NDM Security Technical Implementation Guide
V-253940
CAT II
The Juniper EX switch must be configured to enforce access restrictions associated with changes to the system components.
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
V-202131
CAT II
The network device must enforce access restrictions associated with changes to the system components.
Network Device Management Security Requirements Guide
V-243151
CAT II
The network device must be configured with both an ingress and egress ACL.
Network WLAN AP-IG Management Security Technical Implementation Guide
V-243169
CAT II
The network device must be configured with both an ingress and egress ACL.
Network WLAN AP-NIPR Management Security Technical Implementation Guide
V-243187
CAT II
The network device must be configured with both an ingress and egress ACL.
Network WLAN Bridge Management Security Technical Implementation Guide
V-243205
CAT II
The network device must be configured with both an ingress and egress ACL.
Network WLAN Controller Management Security Technical Implementation Guide
V-279250
CAT I
The Edge SWG must be configured to assign appropriate user roles or access levels to authenticated users.
Symantec Edge SWG NDM Security Technical Implementation Guide
V-242254
CAT I
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
Trend Micro TippingPoint NDM Security Technical Implementation Guide
V-265292
CAT I
The NSX Manager must assign users/accounts to organization-defined roles configured with approved authorizations.
VMware NSX 4.x Manager NDM Security Technical Implementation Guide
V-69211
CAT II
The NSX Manager must enforce access restrictions associated with changes to the system components.
VMware NSX Manager Security Technical Implementation Guide