UCF STIG Viewer Logo

The application server must establish a trusted communications path between the user and organization defined security functions within the information system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35336 SRG-APP-000191-AS-000135 SV-46623r1_rule Medium
Description
Without a trusted communication path, the AS is vulnerable to a man-in-the-middle attack. Application server user interfaces are used for management of the application server so the communications path between client and server must be trusted or management of the server may be compromised.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43704r2_chk )
Review the AS configuration to determine if the AS establishes a trusted path for an administrator to enter authentication credentials (password or CAC PIN). If the AS does not provide a trusted path, this is a finding.
Fix Text (F-39882r1_fix)
Configure the AS to establish a trusted communications path between all AS managers/administrators and the systems authentication mechanism.