UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must automatically audit account disabling actions and notify appropriate individuals.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35734 SRG-APP-000028-AS-000020 SV-47021r1_rule Medium
Description
When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. In order to detect and respond to events affecting user accessibility and application processing, applications must audit account disabling actions and, as required, notify the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that application accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes. Application servers have the capability to contain user information in a local user store or they can leverage a centralized authentication mechanism like LDAP. Either way, the mechanism used by the app server must automatically log when user accounts are disabled.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-44077r1_chk )
Review the AS product documentation and configuration to determine if the AS automatically logs when accounts are disabled and notifies appropriate individuals. If the AS is not configured to perform this requirement itself or if it does not utilize an enterprise user registry that performs this requirement, this is a finding.
Fix Text (F-40277r1_fix)
Configure the AS to automatically log and notify when accounts are disabled. If the AS utilizes an enterprise user registry, configure the registry to automatically log and notify appropriate individuals when accounts are disabled.