Application software used to detect the presence of unauthorized software must employ automated detection mechanisms and notify designated organizational officials in accordance with the organization defined frequency.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35607	SRG-APP-000189-AS-NA	SV-46894r1_rule		Medium

Description
Scanning software is purpose-built to check for vulnerabilities in the information system and hosted applications and is also used to enumerate platforms, software flaws, and improper configurations. Scanning software includes the capability to scan for specific functions, applications, ports, protocols, and services that should not be accessible to users or devices and for improperly configured or incorrectly operating information flow mechanisms. This is a vulnerability scanner server requirement. Application servers do not detect the presence of unauthorized software.

Description

Scanning software is purpose-built to check for vulnerabilities in the information system and hosted applications and is also used to enumerate platforms, software flaws, and improper configurations. Scanning software includes the capability to scan for specific functions, applications, ports, protocols, and services that should not be accessible to users or devices and for improperly configured or incorrectly operating information flow mechanisms. This is a vulnerability scanner server requirement. Application servers do not detect the presence of unauthorized software.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43950r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40148r1_fix)
The requirement is NA. No fix is required.