The Application Server must provide a separate, distinct administrative account when accessing AS security functions or security relevant information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35743	SRG-APP-000063-AS-000029	SV-47030r1_rule		Medium

Description
In order to limit exposure, the AS must control access to security functions and security relevant information. To meet this requirement, the AS must provide a privileged account, or admin role that is separate from non-privileged accounts. Access to the security functions and security relevant information must then be limited to this admin account or role. Not providing separate privileged and un-privileged accounts will lead to a loss of accountability regarding administrative activity.

Description

In order to limit exposure, the AS must control access to security functions and security relevant information. To meet this requirement, the AS must provide a privileged account, or admin role that is separate from non-privileged accounts. Access to the security functions and security relevant information must then be limited to this admin account or role. Not providing separate privileged and un-privileged accounts will lead to a loss of accountability regarding administrative activity.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-44086r1_chk )
Review AS documentation and configuration to verify the AS provides a separate administrator account (or role) that provides sole access to AS security-relevant functions and information. If the AS does not meet this requirement, this is a finding.

Fix Text (F-40286r1_fix)
Configure the AS to utilize a separate administrator account when accessing AS security functions and security relevant information.