V-251188
Redis Enterprise 6.x Security Technical Implementation Guide
Title
Redis Enterprise DBMS must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Description
Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. System documentation should include a definition of the functionality considered privileged. Depending on circumstances, privileged functions can include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Non-priv...
Fix Text (Documentation Requirement)
To ensure that a non-privileged user is not granted a non-default role, perform the following steps:
1. Log in to the Redis Enterprise control plane.
2. Navigate to the access control tab.
3. Navigate to the users tab and review the roles for users.
4. Assign users an appropriate role, and if necessary, create a new role for the user.
5. Modify and save the users' new role after ensuring the role is provided with the appropriate permissions.