UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Automation Controller must be configured to authenticate users individually, prior to using a group authenticator.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256906 APAS-AT-000050 SV-256906r902288_rule Medium
Description
Default superuser accounts, such as "root", are considered group authenticators. In the case of Automation Controller this is the "admin" account.
STIG Date
Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide 2023-03-15

Details

Check Text ( C-60581r902286_chk )
Log in to the Automation Controller web console as an administrator and navigate to Access >> Users.

The only local user allowed is the default/breakglass "admin". All other users need to come from an external authentication source. If any other local users exist, this is a finding.
Fix Text (F-60523r902287_fix)
Log in to the Automation Controller web console as an administrator and navigate to Access >> Users.

Click the Username to be removed.

Select "Delete" and confirm.