Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must notify appropriate individuals when account disabling actions are taken.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35448 | SRG-APP-000293-AS-000177 | SV-46735r1_rule | Medium |
| Description |
|---|
| When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. Application servers provide either a local user store or they can integrate with enterprise user stores like LDAP. As such, the authentication method employed by the application server must be able to notify designated individuals when accounts are disabled. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43802r1_chk ) |
|---|
| Review AS product documentation and server configuration to determine if the AS is configured to notify staff when accounts are disabled. If the AS is not configured to meet this requirement, this is a finding. |
| Fix Text (F-39992r1_fix) |
|---|
| Configure the AS to automatically notify appropriate personnel when accounts are disabled. |