STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

DISA Rule

SV-204712r508029_rule

Vulnerability Number

V-204712

Group Title

SRG-APP-000033

Rule Version

SRG-APP-000033-AS-000024

Severity

CAT II

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Configure the application server to enforce access control policies for logical access to the system in accordance with applicable policy.

Check Contents

Review application server product documentation and configuration to determine if the system enforces authorization requirements for logical access to the system in accordance with applicable policy.

If the application server is not configured to utilize access controls or follow access control policies, this is a finding.

Vulnerability Number

V-204712

Documentable

False

Rule Version

SRG-APP-000033-AS-000024

Severity Override Guidance

Review application server product documentation and configuration to determine if the system enforces authorization requirements for logical access to the system in accordance with applicable policy.

If the application server is not configured to utilize access controls or follow access control policies, this is a finding.

Check Content Reference

M

Target Key

2900

Comments