Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must associate the identity of the information producer with the information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35136 | SRG-APP-000081-AS-000046 | SV-46423r1_rule | Medium |
| Description |
|---|
| Non-repudiation supports audit requirements to provide the appropriate organizational officials the means to identify who produced specific information in the event of an information transfer. The nature and strength of the binding between the information producer and the information are determined and approved by the appropriate organizational officials based on the security categorization of the information and relevant risk factors. Application servers contain and host deployed Java-based applications. To maintain non-repudiation, the application server must associate deployed application files with the personnel responsible for deploying the applications. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43524r1_chk ) |
|---|
| Review product documentation and the AS deployment configuration to determine if the AS identifies the individuals responsible for application deployment. If the AS does not meet this requirement, this is a finding. |
| Fix Text (F-39688r1_fix) |
|---|
| Configure the AS to identify the individuals responsible for application deployment. |