DoD STIGs – V-32429

Overview:

Title: To support the requirements and principles of least functionality, the application must support organizational requirements regarding the use of automated mechanisms preventing program execution on the information system in accordance with the organization defined specifications.

Vulnerability ID: V-32429

STIG ID:

IA Controls: None

Severity: medium

Description: Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).

Standard operating procedure for placing an information system into a production environment includes creating a baseline configuration of the system. The baseline configuration provides information about the components of the information system (e.g., the standard software load for a workstation, server, network component, or mobile device including operating system/installed applications with current version numbers and patch information), network topology, and the logical placement of the component within the system architecture.

It is sometimes convenient to provide multiple services from a single information system, but doing so increases risk when compared to limiting the services provided by any one system. This is particularly true when these services have conflicting missions, user communities, or availability requirements.

This requirement addresses the need to provide an automated mechanism that will prevent the execution of programs not associated with the established baseline configuration.

This is a requirement to disable services as part of the baseline process and provide automated tools that monitor the system and prevent unauthorized system processes from executing.

This requirement will apply to configuration management applications, HIDS applications and other similar types of applications designed to manage system processes and configurations. This requirement is NA for databases.

Check Text: This check is NA for databases.

Fix Text: This fix is NA for databases.

[divider]

Interpreting V-32429:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.