Rule ID
SV-269790r1051755_rule
Version
V1R1
CCIs
CCI-002235, CCI-002169, CCI-000366
Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Privileged functions include establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Nonprivileged users are individuals that do not possess appropriate authorizations. Satisfies: SRG-APP-000340-NDM-000288, SRG-APP-000329-NDM-000287
Determine if the OS10 Switch prevents nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. Access to privileged functions is restricted by OS10 to users with the appropriate role. Verify the OS10 Switch is configured to assign appropriate user roles to authenticated users. Valid roles are system admin, security admin, network admin, and network operator. Verify the correct role is assigned to each user: OS10# show running-configuration users username admin password **** role sysadmin priv-lvl 15 username op100 password **** role netoperator priv-lvl 1 OS10# If the OS10 Switch does not prevent nonprivileged users from executing privileged functions, this is a finding.
Configure the OS10 Switch to assign appropriate user roles or access levels to authenticated users: OS10(config)# username <name> password ********** role <sysadmin/netoperator/secadmin/netadmin>