Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35738 | SRG-APP-000033-AS-000024 | SV-47025r1_rule | | High |
Description |
---|
Strong access controls are critical to securing the AS. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) must be employed by the AS to control access between users (or processes acting on behalf of users) and objects (e.g., applications, files, records, processes, application domains) in the AS. Without stringent logical access and authorization controls, an adversary may have the ability, with very little effort, to compromise the AS and associated supporting infrastructure. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-44081r1_chk) |
---|
Review AS product documentation and configuration to determine if the system enforces authorization requirements for logical access to the system in accordance with applicable policy. If the AS is not configured to utilize access controls, this is a finding. |
Fix Text (F-40281r1_fix) |
---|
Configure the AS to enforce approved authorizations for logical access to the system in accordance with applicable policy. |