Applications published to users are not approved by the IAO/SA.


Finding ID: V-16411
Version: SUN0150
Rule ID: SV-17404r1_rule
IA Controls: ECSC-1
Severity: Medium
Publishing applications to users via Kiosk mode bypasses login, so a published application may or may not provide its own security to identify and authorize users. For instance, adding the xterm application gives users access to a command-line interface from a Kiosk mode session. This is not ideal, since users should not be able to access the server's command-line functionality. Therefore, only approved applications will be published to users.
Check Text (C-17281r1_chk)
Request a copy of the documentation that lists all approved applications. If applications that are not on the list are published to users, this is a finding. If no list exists, this is a finding.
Fix Text (F-16436r1_fix)
Document and approve all published applications running on the Sun Ray network.