Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35743 | SRG-APP-000063-AS-000029 | SV-47030r1_rule | | Medium |
Description |
---|
To limit exposure, the application server (AS) must control access to security functions and security-relevant information. To meet this requirement, the AS must provide a privileged account or admin role that is separate from non-privileged accounts. Access to the security functions and security-relevant information must then be limited to this admin account or role. Not providing separate privileged and non-privileged accounts will lead to a loss of accountability regarding administrative activity. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-44086r1_chk) |
---|
Review AS documentation and configuration to verify the AS provides a separate administrator account (or role) that provides sole access to AS security-relevant functions and information. If the AS does not meet this requirement, this is a finding. |
Fix Text (F-40286r1_fix) |
---|
Configure the AS to use a separate administrator account when accessing AS security functions and security-relevant information. |