Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35735 | SRG-APP-000029-AS-000021 | SV-47022r1_rule | | Low |
Description |
---|
When application accounts are terminated, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. In order to detect and respond to events affecting user accessibility and application processing, applications must audit account terminating actions and notify the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that application accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes. Application servers have the capability to contain user information in a local user store or they can leverage a centralized authentication mechanism like LDAP. Either way, the mechanism employed by the app server must be able to automatically log when user accounts are terminated. The notification requirement particularly applies when the app server is using a local store as there are no other management tools being utilized. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-44078r1_chk) |
---|
Review the application server (AS) product documentation and server configuration to determine if the AS automatically logs and notifies appropriate individuals when accounts are terminated. If the AS does not automatically log and notify when accounts are terminated, this is a finding. |
Fix Text (F-40278r1_fix) |
---|
Configure the AS to automatically log and notify appropriate individuals when accounts are terminated. |