The Dell OS10 Switch must enforce access restrictions associated with changes to the system components.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269801	SRG-APP-000516-NDM-000335	OS10-NDM-000920	SV-269801r1051788_rule	2024-12-11	1

Description
Changes to the hardware or software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the network device for implementing any changes or upgrades. This requirement applies to updates of the application files, configuration, ACLs, and policy filters.

ℹ️ Check
Check the OS10 Switch to determine if only authorized administrators have permissions for changes, deletions, and updates on the network device. Inspect the maintenance log to verify changes are being made only by the authorized administrators. Changes, deletions, and updates in Dell OS10 can only be done by users with sysadmin, secadmin, or netadmin role. Verify if there are any unauthorized users assigned to the any of these roles: OS10# show running-configuration users If any unauthorized users are assigned to the sysadmin, secadmin, or netadmin role, this is a finding.

ℹ️ Check

Check the OS10 Switch to determine if only authorized administrators have permissions for changes, deletions, and updates on the network device. Inspect the maintenance log to verify changes are being made only by the authorized administrators. Changes, deletions, and updates in Dell OS10 can only be done by users with sysadmin, secadmin, or netadmin role. Verify if there are any unauthorized users assigned to the any of these roles: OS10# show running-configuration users If any unauthorized users are assigned to the sysadmin, secadmin, or netadmin role, this is a finding.

✔️ Fix
Configure any unauthorized users to have the netoperator role that cannot make any changes: OS10(config)# username <name> password ********** role netoperator