The application server must enforce dual authorization, based on organizational policies and procedures for organization defined privileged commands.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35483	SRG-APP-000034-AS-NA	SV-46770r1_rule		Medium

Description
Dual authorization requires two distinct approving authorities to approve the use of an application command prior to it being invoked. This capability is typically reserved for specific application functionality where the application owner, data owner or organization requires an additional assurance that certain application commands are only invoked under the utmost authority. When a policy is defined stating that certain commands contained within an application require dual authorization before they may be invoked, or when an organization defines a set of application-related privileged commands requiring dual authorization, the application must support those requirements. The IA posture of the AS does not warrant dual authorization.

Description

Dual authorization requires two distinct approving authorities to approve the use of an application command prior to it being invoked. This capability is typically reserved for specific application functionality where the application owner, data owner or organization requires an additional assurance that certain application commands are only invoked under the utmost authority. When a policy is defined stating that certain commands contained within an application require dual authorization before they may be invoked, or when an organization defines a set of application-related privileged commands requiring dual authorization, the application must support those requirements. The IA posture of the AS does not warrant dual authorization.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43836r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40024r1_fix)
The requirement is NA. No fix is required.