UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must use CAC based authentication mechanisms for local access to privileged accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35301 SRG-APP-000151-AS-000103 SV-46588r1_rule Medium
Description
Multifactor authentication is defined as: using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g., password/PIN); (ii) something a user has (e.g., cryptographic identification device, token); or (iii) something a user is (e.g., biometric). A privileged account is defined as an information system account with authorizations of a privileged user. Local Access is defined as access to a DoD information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network. When accessing the AS via a local connection, also known as a console connection, administrative access to the application server must be CAC-enabled.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43670r1_chk )
Review the AS documentation and configuration to determine if the AS is configured to require multifactor authentication. If the AS is not configured for multifactor authentication for local access, this is a finding.

If the AS is not capable of using CAC based authentication for local access to privileged accounts, this is a finding.
Fix Text (F-39847r1_fix)
Configure the application server to use CAC based authentication mechanisms for local access to privileged accounts.