UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must use an enterprise user management system to uniquely identify and authenticate users (or processes acting on behalf of organizational users).


Overview

Finding ID Version Rule ID IA Controls Severity
V-35299 SRG-APP-000148-AS-000101 SV-46586r3_rule Medium
Description
To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is either local (OS-based) or centralized (LDAP) in nature. To ensure support to the enterprise, the authentication must utilize an enterprise solution.
STIG Date
Application Server Security Requirements Guide 2015-08-28

Details

Check Text ( C-43668r2_chk )
Review application server documentation and configuration settings to determine if the application server is using an enterprise solution to authenticate organizational users and processes running on the users' behalf.

If an enterprise solution is not being used, this is a finding.
Fix Text (F-39845r2_fix)
Configure the application server to use an enterprise user management system to uniquely identify and authenticate users and processes acting on behalf of organizational users.