The application server must notify users of organization defined security-related changes to the users account occurring during the organization defined time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35134	SRG-APP-000079-AS-000044	SV-46421r1_rule		Low

Description
DoD may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of normal business hours as a security related event requiring that the application user be notified. In those instances, where organizations define such events, the application server must notify the affected user or users.

Description

DoD may define certain security events as events requiring user notification. An organization may define an event such as a password change to a user's account occurring outside of normal business hours as a security related event requiring that the application user be notified. In those instances, where organizations define such events, the application server must notify the affected user or users.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43522r4_chk )
Review AS product documentation and server configuration to determine if the AS notifies users of security-related changes to the users' accounts occurring during the organization defined time period. If the users are not informed of this information during the organization-defined time period, this is a finding.

Fix Text (F-39686r3_fix)
Configure the AS to notify users of security-related events associated with their accounts that occur within the defined time period.