The application server must isolate security functions enforcing access and information flow control from both non-security functions and from other security functions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35641 | SRG-APP-000235-AS-NA | SV-46928r1_rule | Medium |
| Description |
|---|
| Application functionality is typically broken down into modules that perform various tasks or roles. Examples of non-privileged application functionality include, but are not limited to, application modules written for displaying data or printing reports. This is an information flow requirement. Information flow control applies to applications like a CDS. An AS is not a CDS. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43983r1_chk ) |
|---|
| This requirement is NA for the AS SRG. |
| Fix Text (F-40183r1_fix) |
|---|
| The requirement is NA. No fix is required. |