V-215210

CAT II (Medium)

AIX nosuid option must be enabled on all NFS client mounts.

Rule ID

SV-215210r991589_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

Enabling the nosuid mount option prevents the system from granting owner or group-owner privileges to programs with the suid or sgid bit set. If the system does not restrict this access, users with unprivileged access to the local system may be able to acquire privileged access by executing suid or sgid files located on the mounted NFS file system.

Check Content

Check the system for NFS mounts not using the "nosuid" option using the command:

# lsfs -v nfs
Name            Nodename   Mount Pt               VFS   Size    Options    Auto Accounting
/home/doej      --         /mount/doej            nfs   786432  --         yes  no

If the "mounted" file systems do not have the "nosuid" option, this is a finding.

Fix Text

Edit "/etc/filesystems" and add the "nosuid" option for all NFS file systems. 

Remount the NFS file systems to make the change take effect.
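
The same condition can be checked in "/etc/filesystems" itself, which is the file the fix edits. The script below is an added example, not part of the STIG text. It assumes the usual stanza layout (mount point followed by a colon, then indented "attribute = value" lines), and the sample stanzas, including the nodename nfs01, are constructed.

```shell
# Added example: list NFS stanzas in /etc/filesystems that lack the nosuid option.
nfs_missing_nosuid() {
    # $1: file to audit; defaults to /etc/filesystems
    awk '
        function report() {   # emit the finished stanza if NFS without nosuid
            if (mp != "" && vfs == "nfs" && !nosuid) print mp
        }
        /^[ \t]*\*/ { next }              # comment lines begin with *
        /^[^ \t].*:[ \t]*$/ {             # stanza header such as "/mount/doej:"
            report()
            mp = $0; sub(/:[ \t]*$/, "", mp)
            vfs = ""; nosuid = 0
            next
        }
        /^[ \t]+vfs[ \t]*=/ {
            vfs = $0; sub(/^[^=]*=[ \t]*/, "", vfs); gsub(/[ \t"]/, "", vfs)
            next
        }
        /^[ \t]+options[ \t]*=/ {
            opts = $0; sub(/^[^=]*=[ \t]*/, "", opts); gsub(/[ \t"]/, "", opts)
            n = split(opts, o, ",")       # exact match, so "suid" never counts
            for (i = 1; i <= n; i++) if (o[i] == "nosuid") nosuid = 1
            next
        }
        END { report() }
    ' "${1:-/etc/filesystems}"
}

# Constructed sample stanzas (nfs01 and the paths are made up for this demo)
sample="${TMPDIR:-/tmp}/filesystems.sample.$$"
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/mount/doej:
        dev      = "/home/doej"
        vfs      = nfs
        nodename = nfs01
        mount    = true

/mount/proj:
        dev      = "/export/proj"
        vfs      = nfs
        nodename = nfs01
        options  = bg,hard,intr,nosuid

/home:
        dev      = /dev/hd1
        vfs      = jfs2
EOF
nfs_missing_nosuid "$sample"   # prints /mount/doej
```

Called with no argument, the function reads "/etc/filesystems". Any mount point it prints is an NFS stanza that still needs "nosuid" added before remounting.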