Fly Server must enforce a role-based access control (RBAC) policy over defined subjects and objects.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-284007 | SRG-APP-000329 | FLYS-00-000805 | SV-284007r1207111_rule | 2026-06-15 | 1 |
Description
RBAC is an access control policy that restricts information system access to authorized users. Without these security policies, access control and enforcement mechanisms will not prevent unauthorized access.
Organizations can create specific roles based on job functions and the authorizations (i.e., privileges) to perform needed operations on organizational information systems associated with the organization-defined roles. When users are assigned to the organizational roles, they inherit the authorizations or privileges defined for those roles. RBAC simplifies privilege administration for organizations because privileges are not assigned directly to every user (which can be a significant number of individuals for mid- to large-size organizations) but are instead acquired through role assignments. RBAC can be implemented either as a mandatory or discretionary form of access control.
Pertains to Zero Trust.
Satisfies: SRG-APP-000329, SRG-APP-000233, SRG-APP-000328, SRG-APP-001040, SRG-APP-001045
ℹ️ Check
RBAC hierarchy is to be defined by the authorizing official (AO). Separation of duties must be configured.
Check the Fly Server Role settings:
- Log on to Fly Server Manager with an admin account.
- On the Management >> Role Manager tab, view the configured roles.
If only one role exists, this is a finding.
Check the role assignments:
- On the Management >> Account Manager tab, view the Role column.
If only one role is assigned, this is a finding.
If only one user exists in the list of users, this is a finding.
✔️ Fix
RBAC hierarchy is to be defined by the AO. Separation of duties must be configured.
Configure the Fly Server Role settings:
- Log on to Fly Server Manager with an admin account.
- On the Management >> Role Manager tab, configure two or more roles.
Configure the role assignments:
- On the Management >> Account Manager tab, assign a unique role to two or more users. Add users if necessary.