UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must allow authorized users to associate PKI credentials with information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35088 SRG-APP-000012-AS-000008 SV-46375r1_rule Medium
Description
Throughout the course of normal usage, authorized users of application servers will have the need to associate security attributes in the form of PKI credentials with information. The AS utilizes a role based authentication model when managing AS resources and limits access according to user role. The AS must ensure that only the users who are authorized to associate security attributes with information are allowed to do so.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43475r2_chk )
Review AS documentation to determine if the AS only allows authorized administrators to associate PKI credentials with information. If the AS allows individuals other than authorized users to associate PKI credentials with information, this is a finding.
Fix Text (F-39639r2_fix)
Configure AS accounts so only authorized users can associate PKI credentials with information.