The application server must route all remote management access through a centrally managed access control point.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35092 | SRG-APP-000017-AS-000012 | SV-46379r1_rule | Medium |
| Description |
|---|
| Remote network access is accomplished by leveraging common communication protocols and establishing a remote connection to the AS. Application server clusters are multiple application servers hosting the same application or applications. Clusters are utilized to provide application load balancing and /or redundancy. Without centralized control of clustered application servers, management of multiple application servers configured in a cluster is difficult at best. It is critical that application servers provide the capability to manage all application servers contained within a cluster from the centralized designated management system. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43479r2_chk ) |
|---|
| Review product documentation and system configuration to ensure the AS provides the capability to control all servers in a cluster from a centralized management system. If the AS is not configured to meet this requirement, it is a finding. Fix Text: Configure the AS to manage all servers in the cluster from a centralized management system. |
| Fix Text (F-39643r2_fix) |
|---|
| Configure the AS to manage all servers in the cluster from a centralized management system. |