STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must use an enterprise user management system to uniquely identify and authenticate users (or processes acting on behalf of organizational users).

DISA Rule

SV-204745r508029_rule

Vulnerability Number

V-204745

Group Title

SRG-APP-000148

Rule Version

SRG-APP-000148-AS-000101

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Configure the application server to use an enterprise user management system to uniquely identify and authenticate users and processes acting on behalf of organizational users.

Check Contents

Review application server documentation and configuration settings to determine if the application server is using an enterprise solution to authenticate organizational users and processes running on the users' behalf.

If an enterprise solution is not being used, this is a finding.

Vulnerability Number

V-204745

Documentable

False

Rule Version

SRG-APP-000148-AS-000101

Severity Override Guidance

Review application server documentation and configuration settings to determine if the application server is using an enterprise solution to authenticate organizational users and processes running on the users' behalf.

If an enterprise solution is not being used, this is a finding.

Check Content Reference

M

Target Key

2900

Comments