UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server management interface must provide a logout functionality to allow the user to manually terminate the session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35419 SRG-APP-000221-AS-000149 SV-46706r1_rule Medium
Description
Manually terminating an AS management session allows users to immediately depart the physical vicinity of the system they are logged into without the risk of subsequent system users or unauthorized parties reactivating or continuing their session. User's who log into the application server management interface must have the ability to manually terminate their session.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43769r1_chk )
Manually terminating an AS management session allows users to immediately depart the physical vicinity of the system they are logged into without the risk of subsequent system users or unauthorized parties reactivating or continuing their session. User's who log into the application server management interface must have the ability to manually terminate their session.
Fix Text (F-39962r1_fix)
Configure the AS to provide a logout functionality to allow the user to manually terminate the session.