Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must establish a trusted communications path between the user and organization defined security functions within the information system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35336 | SRG-APP-000191-AS-000135 | SV-46623r1_rule | Medium |
| Description |
|---|
| Without a trusted communication path, the AS is vulnerable to a man-in-the-middle attack. Application server user interfaces are used for management of the application server so the communications path between client and server must be trusted or management of the server may be compromised. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43704r2_chk ) |
|---|
| Review the AS configuration to determine if the AS establishes a trusted path for an administrator to enter authentication credentials (password or CAC PIN). If the AS does not provide a trusted path, this is a finding. |
| Fix Text (F-39882r1_fix) |
|---|
| Configure the AS to establish a trusted communications path between all AS managers/administrators and the systems authentication mechanism. |