UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Application Server must provide a separate, distinct administrative account when accessing AS security functions or security relevant information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35743 SRG-APP-000063-AS-000029 SV-47030r1_rule Medium
Description
In order to limit exposure, the AS must control access to security functions and security relevant information. To meet this requirement, the AS must provide a privileged account, or admin role that is separate from non-privileged accounts. Access to the security functions and security relevant information must then be limited to this admin account or role. Not providing separate privileged and un-privileged accounts will lead to a loss of accountability regarding administrative activity.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-44086r1_chk )
Review AS documentation and configuration to verify the AS provides a separate administrator account (or role) that provides sole access to AS security-relevant functions and information. If the AS does not meet this requirement, this is a finding.
Fix Text (F-40286r1_fix)
Configure the AS to utilize a separate administrator account when accessing AS security functions and security relevant information.