The application server must display an approved system use notification message or banner before granting access to the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35102 | SRG-APP-000070-AS-000037 | SV-46389r1_rule | Low |
| Description |
|---|
| Application servers must display an approved system use notification message or banner before granting access to the system. System use notification messages are implemented in the form of warning banners displayed when individuals log in to the information system. System use notification is intended only for information system access including an interactive login interface with a human user and is not intended to require notification when an interactive interface does not exist. Application servers provide a user management interface usually in the form of a web page or command shell. This is used to manage application server configuration and configure application deployment options among other things. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43489r2_chk ) |
|---|
| Review AS product documentation and server configuration to determine if an approved system use notification can be displayed at logon and/or unlock. If there is no banner, or if the banner's wording does not match the approved wording, this is a finding. |
| Fix Text (F-39653r4_fix) |
|---|
| Configure the AS to display an approved system use notification message or banner before granting access to the system, unless the banner text was already displayed to the administrator via the operating system logon on the server on which the application resides. |