Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Applications published to users are not approved by the IAO/SA.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16411 | SUN0150 | SV-17404r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Publishing applications to users via the Kiosk mode bypasses a login mode. Therefore, some applications may or may not provide security to identify and authorize users to the application. For instance, adding the xterm application provides users with access to a command-line interface from a Kiosk mode session. This is not ideal since users should not be able to access the server’s command line functionality. Therefore, only approved applications will be published to users. |
| STIG | Date |
|---|---|
| Sun Ray 4 Policy STIG | 2015-04-02 |
Details
| Check Text ( C-17281r1_chk ) |
|---|
| Request a copy of the documentation that lists all approved applications. If unapproved applications are published to users that are not on the list, this is a finding. If no list exists, this is a finding. |
| Fix Text (F-16436r1_fix) |
|---|
| Document and approve all published applications running on the Sun Ray network. |