The application server must notify users of organization defined security-related changes to the users account occurring during the organization defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35134 | SRG-APP-000079-AS-000044 | SV-46421r1_rule | Low |
| Description |
|---|
| DoD may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of normal business hours as a security related event requiring that the application user be notified. In those instances, where organizations define such events, the application server must notify the affected user or users. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43522r4_chk ) |
|---|
| Review AS product documentation and server configuration to determine if the AS notifies users of security-related changes to the users' accounts occurring during the organization defined time period. If the users are not informed of this information during the organization-defined time period, this is a finding. |
| Fix Text (F-39686r3_fix) |
|---|
| Configure the AS to notify users of security-related events associated with their accounts that occur within the defined time period. |