UCF STIG Viewer Logo

The application server must associate the identity of the information producer with the information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35136 SRG-APP-000081-AS-000046 SV-46423r1_rule Medium
Description
Non-repudiation supports audit requirements to provide the appropriate organizational officials the means to identify who produced specific information in the event of an information transfer. The nature and strength of the binding between the information producer and the information are determined and approved by the appropriate organizational officials based on the security categorization of the information and relevant risk factors. Application servers contain and host deployed Java-based applications. To maintain non-repudiation, the application server must associate deployed application files with the personnel responsible for deploying the applications.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43524r1_chk )
Review product documentation and the AS deployment configuration to determine if the AS identifies the individuals responsible for application deployment. If the AS does not meet this requirement, this is a finding.
Fix Text (F-39688r1_fix)
Configure the AS to identify the individuals responsible for application deployment.