The application server must allow authorized users to associate PKI credentials with information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35088	SRG-APP-000012-AS-000008	SV-46375r1_rule		Medium

Description
Throughout the course of normal usage, authorized users of application servers will have the need to associate security attributes in the form of PKI credentials with information. The AS utilizes a role based authentication model when managing AS resources and limits access according to user role. The AS must ensure that only the users who are authorized to associate security attributes with information are allowed to do so.

Description

Throughout the course of normal usage, authorized users of application servers will have the need to associate security attributes in the form of PKI credentials with information. The AS utilizes a role based authentication model when managing AS resources and limits access according to user role. The AS must ensure that only the users who are authorized to associate security attributes with information are allowed to do so.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43475r2_chk )
Review AS documentation to determine if the AS only allows authorized administrators to associate PKI credentials with information. If the AS allows individuals other than authorized users to associate PKI credentials with information, this is a finding.

Fix Text (F-39639r2_fix)
Configure AS accounts so only authorized users can associate PKI credentials with information.