Applications providing intrusion and prevention capabilities must prevent non-privileged users from circumventing those capabilities.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35114 | SRG-APP-000285-AS-NA | SV-46401r1_rule | Medium |
| Description |
|---|
| Any application providing intrusion detection and prevention capabilities must be architected and implemented so as to prevent non-privileged users from circumventing such protections. This can be accomplished through the use of user roles, proper systems permissions, auditing, logging, etc. This requirement is NA. The AS is not an incident response tool. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43504r1_chk ) |
|---|
| This requirement is NA for the AS SRG. |
| Fix Text (F-39667r1_fix) |
|---|
| The requirement is NA. No fix is required. |