The application server must enforce an access control policy that includes or excludes access to application objects to the granularity of a single user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35101 | SRG-APP-000297-AS-NA | SV-46388r1_rule | Medium |
| Description |
|---|
| Including or excluding access to the granularity of a single user means providing the capability to either allow or deny access to application objects on a per single user basis. The requirement is NA. The AS utilizes RBAC and does not allow individual users to specify or control sharing of AS objects. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43490r1_chk ) |
|---|
| This requirement is NA for the AS SRG. |
| Fix Text (F-39654r1_fix) |
|---|
| The requirement is NA. No fix is required. |