Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must allow authorized users to associate PKI credentials with information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35088 | SRG-APP-000012-AS-000008 | SV-46375r1_rule | Medium |
| Description |
|---|
| Throughout the course of normal usage, authorized users of application servers will have the need to associate security attributes in the form of PKI credentials with information. The AS utilizes a role based authentication model when managing AS resources and limits access according to user role. The AS must ensure that only the users who are authorized to associate security attributes with information are allowed to do so. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43475r2_chk ) |
|---|
| Review AS documentation to determine if the AS only allows authorized administrators to associate PKI credentials with information. If the AS allows individuals other than authorized users to associate PKI credentials with information, this is a finding. |
| Fix Text (F-39639r2_fix) |
|---|
| Configure AS accounts so only authorized users can associate PKI credentials with information. |