Documentation - V-251185

V-251185

Redis Enterprise 6.x Security Technical Implementation Guide

CAT I

Title

Redis Enterprise DBMS must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Description

<VulnDiscussion>Authentication with a DoD-approved PKI certificate does not necessarily imply authorization to access the DBMS. To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems, including databases, must be properly configured to implement access control policies. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedure...

Fix Text (Documentation Requirement)

To modify the commands or keys a user is able to access, perform the following steps: 1. Log in to Redis Enterprise. 2. Navigate to the access controls tab. 3. Ensure the appropriate role is configured by inspecting the Redis ACL rules and Roles in the Redis ACL and Role sub-tabs. 4. If an appropriate role is not present, create the appropriate role. 5. On the users tab, assign the appropriate role to the user in question.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel