Configuration management applications must employ automated mechanisms to centrally respond to unauthorized changes to configuration settings.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35586	SRG-APP-000138-AS-NA	SV-46873r1_rule		Medium

Description
Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Responses to unauthorized changes to configuration settings can include alerting designated organizational personnel, restoring mandatory/organization defined configuration settings, or in the extreme case, halting affected information system processing. "Centrally respond" means to respond to unauthorized changes to settings that have taken effect from a centralized location. The AS is not a configuration management application. This requirement does not apply.

Description

Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Responses to unauthorized changes to configuration settings can include alerting designated organizational personnel, restoring mandatory/organization defined configuration settings, or in the extreme case, halting affected information system processing. "Centrally respond" means to respond to unauthorized changes to settings that have taken effect from a centralized location. The AS is not a configuration management application. This requirement does not apply.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43928r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40127r1_fix)
The requirement is NA. No fix is required.