RFC 3871 Operational Security Requirements September 2004
Justification.
This requirement supports the implementation of the principle of
"least privilege", which states that an individual should only
have the privileges necessary to execute the operations he/she is
required to perform.
Examples.
Examples of privilege levels might include "user", which only
allows the initiation of a PPP or telnet session, "read only",
which allows read-only access to device configuration and
operational statistics, "root/superuser/administrator", which
allows update access to all configurable parameters, and
"operator", which allows updates to a limited, user-defined set of
parameters. Note that privilege levels may be defined locally on
the device or on centralized authentication servers.
Warnings.
It may be required to provide exceptions to support the
requirements to support recovery of privileged access (Section
2.12.15) and to support OS installation and configuration (Section
2.4.5). For example, if the OS and/or configuration has somehow
become corrupt, an authorized individual with physical access may
need to have "root" level access to perform an install.
2.12.14. Change in Privilege Levels Requires Re-Authentication
Requirement.
The device MUST re-authenticate a user prior to granting any
change in user authorizations.
Justification.
This requirement ensures that users are able to perform only
authorized actions.
Examples.
This requirement might be implemented by assigning base privilege
levels to all users and allowing the user to request additional
privileges, with the requests validated by the AAA server.
Warnings.
None.
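
The implementation approach in the Examples paragraph above, sketched as an added example that is not part of RFC 3871: every session starts at a base level, and any change of level needs fresh credentials plus validation by the AAA server. StubAAA, Session, change_privilege and the ordering of the level names are assumptions made for illustration.

```python
import hashlib, hmac, os

# Level names come from the RFC's Examples text; their ordering is an assumption.
LEVELS = ["user", "read only", "operator", "root"]

class StubAAA:
    """Constructed stand-in for a centralized AAA server."""
    def __init__(self):
        self._users = {}  # name -> (salt, password hash, highest permitted level)

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password, max_level):
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(salt, password), max_level)

    def authenticate(self, name, password):
        rec = self._users.get(name)
        if rec is None:
            return False
        return hmac.compare_digest(rec[1], self._hash(rec[0], password))

    def authorize(self, name, level):
        rec = self._users.get(name)
        return rec is not None and LEVELS.index(level) <= LEVELS.index(rec[2])

class Session:
    def __init__(self, aaa, name, password):
        if not aaa.authenticate(name, password):
            raise PermissionError("login failed")
        self.aaa, self.name = aaa, name
        self.level = LEVELS[0]  # every user starts at the base privilege level

    def change_privilege(self, new_level, password):
        """Re-authenticate first, then let the AAA server validate the request."""
        if new_level not in LEVELS:
            raise ValueError("unknown privilege level")
        if not self.aaa.authenticate(self.name, password):
            return False  # no fresh proof of identity: level stays as it was
        if not self.aaa.authorize(self.name, new_level):
            return False  # authenticated but not entitled: level stays as it was
        self.level = new_level
        return True
```

The session login is never reused as proof of identity: a failed re-authentication or a refused authorization leaves the current level untouched, and the same check applies when a user lowers their level.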
Jones Informational [Page 63]