UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must utilize automated mechanisms to prevent program execution on the information system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35238 SRG-APP-000143-AS-000097 SV-46525r1_rule Low
Description
The application server must provide a capability to halt or otherwise disable the automatic execution of deployed applications until such time that the application is considered part of the established application server baseline. Deployment to the application server should not provide a means for automatic application start up should the application server itself encounter a restart condition.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43606r1_chk )
Review the AS documentation and configuration to determine if the AS can disable automatic execution of deployed applications. Ensure this capability extends to a restart of the AS. If the AS is not configured to meet this requirement, this is a finding.

Fix Text (F-39784r1_fix)
Configure the AS to force newly uploaded applications to be approved prior to execution.