STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must enforce access restrictions associated with changes to application server configuration.

DISA Rule

SV-204796r508029_rule

Vulnerability Number

V-204796

Group Title

SRG-APP-000380

Rule Version

SRG-APP-000380-AS-000088

Severity

CAT II

CCI(s)

• CCI-001813 - The information system enforces access restrictions.

Weight

10

Fix Recommendation

Configure the application server to enforce access restrictions associated with changes to the application server configuration to include code deployment, library updates, and changes to application server configuration settings.

Check Contents

Review the application server documentation and configuration to determine if the system employs mechanisms to enforce restrictions on application server configuration changes.

Configuration changes include, but are not limited to, automatic code deployments, software library updates, and changes to configuration settings within the application server.

If the application server does not enforce access restrictions for configuration changes, this is a finding.

Vulnerability Number

V-204796

Documentable

False

Rule Version

SRG-APP-000380-AS-000088

Severity Override Guidance

Review the application server documentation and configuration to determine if the system employs mechanisms to enforce restrictions on application server configuration changes.

Configuration changes include, but are not limited to, automatic code deployments, software library updates, and changes to configuration settings within the application server.

If the application server does not enforce access restrictions for configuration changes, this is a finding.

Check Content Reference

M

Target Key

2900

Comments