UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must use CAC based authentication mechanisms for network access to privileged accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35303 SRG-APP-000156-AS-000105 SV-46590r1_rule High
Description
An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols that use nonce's (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS-Security), time-synchronous or challenge-response one-time authenticators and CAC's. Application servers typically provide management access via a web server-based interface or via command line scripted access. As such, the application server must take the necessary steps to ensure the authentication mechanisms built into the application server do not allow for replay based attacks that could compromise privileged accounts. CAC authentication meets these requirements.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43672r1_chk )
Review AS documentation and configuration to ensure the AS is configured to utilize a CAC when authenticating administrative users. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39849r1_fix)
Configure the AS to utilize CAC based authentication for network access to privileged accounts.