Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must use CAC based authentication mechanisms for network access to privileged accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35303 | SRG-APP-000156-AS-000105 | SV-46590r1_rule | High |
| Description |
|---|
| An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols that use nonce's (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS-Security), time-synchronous or challenge-response one-time authenticators and CAC's. Application servers typically provide management access via a web server-based interface or via command line scripted access. As such, the application server must take the necessary steps to ensure the authentication mechanisms built into the application server do not allow for replay based attacks that could compromise privileged accounts. CAC authentication meets these requirements. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43672r1_chk ) |
|---|
| Review AS documentation and configuration to ensure the AS is configured to utilize a CAC when authenticating administrative users. If the AS is not configured to meet this requirement, this is a finding. |
| Fix Text (F-39849r1_fix) |
|---|
| Configure the AS to utilize CAC based authentication for network access to privileged accounts. |