UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer and IAO will ensure application resources are protected with permission sets which allow only an application administrator to modify application resource configuration files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16803 APP3450 SV-17803r1_rule ECCD-1 Medium
Description
If application resources are not protected with permission sets that allow only an application administrator to modify application resource configuration files, unauthorized users can modify configuration files allowing these users to capture data within the application, or turn off encryption, or change any configurable option in the application.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17801r1_chk )
Ask the application representative to demonstrate the application resources have appropriate access permissions.

1) If the application representative cannot demonstrate all application resources have appropriate access permissions, it is a finding.

Review the locations of all configuration files used by the application. Ask the application representative to demonstrate configuration files used by the application are restricted to authorized users.

2) If access permissions to configuration files are not restricted to application administrators, it is a finding.
Fix Text (F-17084r1_fix)
Correct access permissions restricting the modification of application resources.