UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must enforce approved authorizations for logical access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35738 SRG-APP-000033-AS-000024 SV-47025r1_rule High
Description
Strong access controls are critical to securing the AS. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) must be employed by the AS to control access between users (or processes acting on behalf of users) and objects (e.g., applications, files, records, processes, application domains) in the AS. Without stringent logical access and authorization controls, an adversary may have the ability, with very little effort, to compromise the AS and associated supporting infrastructure.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-44081r1_chk )
Review AS product documentation and configuration to determine if the system enforces authorization requirements for logical access to the system in accordance with applicable policy. If the AS is not configured to utilize access controls, this is a finding.
Fix Text (F-40281r1_fix)
Configure the AS to enforce approved authorizations for logical access to the system in accordance with applicable policy.