CUI

Documentation - V-220377

V-220377

MarkLogic Server v9 Security Technical Implementation Guide

CAT II

Title

MarkLogic Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Description

Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. System documentation should include a definition of the functionality considered privileged. Depending on circumstances, privileged functions can include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Non-priv...

Fix Text (Documentation Requirement)

Review MarkLogic User and Role configurations to ensure correct privileges are assigned, and update as required.

1. Navigate to the MarkLogic Admin page >> Security >> Roles.
2. Select specific roles (usually custom roles defined by an administrator) and apply only the privileges with the least amount of permissions required for a given role.
3. Navigate to the MarkLogic Admin page >> Security >> Users.
4. Select specific users (usually custom users defined by an administrator) and add/remove roles, allowing for the least amount of privileges required for the specified user.
5. Save the configuration and repeat for each user-defined User/Role.
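Added example, not part of the STIG and not MarkLogic's own code: the review in steps 1-5 has to account for role inheritance, because a custom role with few privileges of its own can still include a privileged role. The Python below resolves each user's effective roles from exported role and user definitions and reports users who reach a privileged role without being on the approved list. Assumptions: the field names ("role-name", "role", "user-name") follow the JSON shape of Management API role/user properties, the privileged-role set and approved-administrator list come from the site's own documentation, and all sample data is constructed.

```python
# Constructed sample data; field names are assumed to match exported
# MarkLogic role/user properties JSON. Privilege names are placeholders.
ROLES = [
    {"role-name": "report-reader", "role": [],
     "privilege": [{"privilege-name": "example-read-reports", "kind": "execute"}]},
    # Looks harmless (no privileges of its own) but inherits "security".
    {"role-name": "ops-helper", "role": ["report-reader", "security"], "privilege": []},
    {"role-name": "security", "role": [], "privilege": []},
]
USERS = [
    {"user-name": "alice", "role": ["report-reader"]},
    {"user-name": "bob", "role": ["ops-helper"]},
    {"user-name": "dba1", "role": ["admin"]},
]
# Site-defined assumptions: which roles count as privileged, and who may hold them.
PRIVILEGED_ROLES = {"admin", "security"}
APPROVED_ADMINS = {"dba1"}


def effective_roles(role_name, roles_by_name, seen=None):
    """Return role_name plus every role it inherits, directly or transitively."""
    seen = set() if seen is None else seen
    if role_name in seen:          # already visited; also stops inheritance cycles
        return seen
    seen.add(role_name)
    for parent in roles_by_name.get(role_name, {}).get("role", []):
        effective_roles(parent, roles_by_name, seen)
    return seen


def audit_users(users, roles, privileged_roles, approved_admins):
    """Map each non-approved user to the privileged roles they effectively hold."""
    roles_by_name = {r["role-name"]: r for r in roles}
    findings = {}
    for user in users:
        granted = set()
        for role_name in user.get("role", []):
            granted |= effective_roles(role_name, roles_by_name)
        hits = sorted(granted & privileged_roles)
        if hits and user["user-name"] not in approved_admins:
            findings[user["user-name"]] = hits
    return findings


if __name__ == "__main__":
    for name, hits in audit_users(USERS, ROLES, PRIVILEGED_ROLES, APPROVED_ADMINS).items():
        print(f"{name}: effective privileged roles {hits}")
```
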
