
V-234188

CAT II (Medium)

The FortiGate device must prohibit installation of software without explicit privileged status.

Rule ID

SV-234188r984110_rule

STIG

Fortinet FortiGate Firewall NDM Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-001812

Discussion

Allowing anyone to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. This requirement applies to code changes and upgrades for all network devices.

Check Content

Log in to the FortiGate GUI with Super-Admin privilege.

1. Click System.
2. Click Administrators.
3. Identify the administrator that is not authorized to access System Settings and hover over the profile assigned to the role.
4. Click Edit.
5. Verify that the permission to System is set to Read or None.

If any unauthorized administrator has Read/Write access to System, this is a finding.
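The same check can be run offline against a configuration backup. The script below is an added example, not part of the STIG or of STIGhub. It assumes the FortiOS CLI names `config system accprofile`, `sysgrp`, and `config system admin` / `accprofile` (none of which appear on this page), that an omitted `sysgrp` means None, and that the site supplies its own set of authorized administrators; the function names and the sample backup are constructed for illustration.

```python
import re
# Constructed sample backup, not from the page; key names are FortiOS CLI (assumed).
SAMPLE = '''config system accprofile
    edit "auditor"
        set sysgrp read
    next
    edit "fw_operator"
        set sysgrp read-write
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "alice"
        set accprofile "auditor"
    next
    edit "bob"
        set accprofile "fw_operator"
    next
end
'''

def parse_section(config, header):
    """Return {entry: {key: value}} for the first top-level 'config <header>' block."""
    entries, current, inside = {}, None, False
    for line in map(str.strip, config.splitlines()):
        if line == f"config {header}":
            inside = True
        elif inside and line == "end" and current is None:
            break  # end of the section itself, not of a nested block
        elif inside and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = entries.setdefault(m.group(1), {})
        elif inside and line == "next":
            current = None
        elif inside and current is not None and (m := re.match(r'set (\S+) "?([^"]*)"?$', line)):
            current[m.group(1)] = m.group(2)
    return entries

def findings(config, authorized):
    """List (admin, profile, system_access) where System is not Read or None."""
    profiles = parse_section(config, "system accprofile")
    out = []
    for name, attrs in parse_section(config, "system admin").items():
        prof = attrs.get("accprofile", "")
        # Fail closed: a profile absent from the backup (e.g. built-in) is flagged.
        level = profiles.get(prof, {"sysgrp": "undefined-profile"}).get("sysgrp", "none")
        if name not in authorized and level not in ("none", "read"):
            out.append((name, prof, level))
    return out
```

Calling `findings(SAMPLE, {"admin"})` reports only `bob`; any account it returns still needs the GUI review described in the steps above.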

Fix Text

To limit the System access to existing low-privileged administrators, log in to the FortiGate GUI with Super-Admin privilege.

1. Click System.
2. Click Administrators.
3. Identify the admin role that has unauthorized access to System settings.
4. Select the admin role and hover over the profile assigned to the role.
5. Click Edit.
6. On System access permission, click None or Read only.
7. Click OK to save.

Repeat this process to define all the Administrators needed to meet privilege separation requirements for the organization.