Rule ID
SV-230946r1018753_rule
Version
V2R3
CCIs
CCI-003980, CCI-001812
Allowing anyone to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. This requirement applies to code changes and upgrades for all network devices.
Determine if the network device prohibits installation of software without explicit privileged status. This requirement may be verified by demonstration or configuration review. 1. From the menu, select Tools >> Options >> User Console and Options. 2. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions. 3. Check a sampling of users against the current SSP to verify only the users that should have privilege to update software have the Software Upgrade privilege selected. If installation of software is not prohibited without explicit privileged status, this is a finding.
Remove accounts that are not authorized. Do not remove the account of last resort. Compare users with the current SSP and ensure only the users that should have the privilege to update software have the Software Upgrade privilege selected. 1. From the menu, select Tools >> Options >> User Console and Options. 2. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions. 3. Disable or delete unauthorized users.