UCF STIG Viewer Logo

The application server must use multifactor authentication for network access to privileged accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35300 SRG-APP-000149-AS-000102 SV-46587r1_rule Medium
Description
Multifactor authentication is defined as: using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g., password/PIN); (ii) something a user has (e.g., cryptographic identification device, token); or (iii) something a user is (e.g., biometric). A CAC meets this definition. A privileged account is defined as an information system account with authorizations of a privileged user. Network access is defined as access to a DoD information system by a user (or process acting on behalf of a user) communicating via a network connection. When accessing the AS via a network connection, administrative access to the application server must be CAC-enabled.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43669r1_chk )
Review the AS configuration to ensure the system is authenticating via multifactor authentication. If all aspects of AS management interfaces are not authenticating users via multifactor authentication methods, this is a finding. If the AS is not configured for multifactor authentication for network access, this is a finding.
Fix Text (F-39846r1_fix)
Configure the AS to authenticate users via multifactor authentication for network access.