Two-person-rule-or-split-password-rule meaning

In most UNIX systems, only one administrator—the superuser called root—has the user ID (UID) zero (0). Thus, individuals having root access have full control over the system. In this capacity, they can delete or modify any file, irrespective of access rights. The superuser password can be known only to the administrator. The password should be disclosed only in cases defined in pertinent regulations, and such disclosures must be documented. Moreover, the superuser login root can be further protected by applying “the two-person rule,” which is a set of measures used to increase security, such as using a split password. Also, the password must have an extended minimum length (such as 12 characters), and the entire minimum length must be checked by the system. Bundesamt für Sicherheit in der Informationstechnik. S 2.33 Division of administrator roles under Unix. [Online, October, 2000.] Bundesamt für Sicherheit in der Informationstechnik Website. http://www.iwar.org.uk/comsec/resources/standards/germany/ itbpm/s/s2033.htm.
0
0
Advertisement