UCF STIG Viewer Logo

Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide


Date Finding Count (16)
2023-08-29 CAT I (High): 1 CAT II (Med): 15 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-256898 High Automation Controller must implement cryptography mechanisms to protect the integrity of information.
V-256903 Medium Automation Controller's log files must be accessible by explicitly defined privilege.
V-256902 Medium Automation Controller must be configured to fail over to another system in the event of log subsystem failure.
V-256901 Medium Automation Controller must allocate log record storage capacity and shut down by default upon log failure (unless availability is an overriding concern).
V-256900 Medium Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.
V-256907 Medium Automation Controller must utilize encryption when using LDAP for authentication.
V-256906 Medium Automation Controller must be configured to authenticate users individually, prior to using a group authenticator.
V-256905 Medium Automation Controller must be configured to use an enterprise user management system.
V-256904 Medium Automation Controller must be capable of reverting to the last known good configuration in the event of failed installations and upgrades.
V-256911 Medium Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
V-256909 Medium Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source.
V-256908 Medium Automation Controller must use cryptographic mechanisms to protect the integrity of log tools.
V-256910 Medium Automation Controller must only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions.
V-256897 Medium Automation Controller must use encryption strength in accordance with the categorization of the management data during remote access management sessions.
V-256896 Medium Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
V-256899 Medium The Automation Controller management interface must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.