STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server management interface must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

DISA Rule

SV-204714r508029_rule

Vulnerability Number

V-204714

Group Title

SRG-APP-000069

Rule Version

SRG-APP-000069-AS-000036

Severity

CAT II

CCI(s)

• CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.

Weight

10

Fix Recommendation

Configure the application server management interface to retain the logon banner on the screen until the user takes explicit action to logon to the server.

Check Contents

Review application server management interface product documentation and configuration to determine that the logon banner can be displayed until the user takes action to acknowledge the agreement.

If the banner screen allows continuation to the application server without user interaction, this is a finding.

Vulnerability Number

V-204714

Documentable

False

Rule Version

SRG-APP-000069-AS-000036

Severity Override Guidance

Review application server management interface product documentation and configuration to determine that the logon banner can be displayed until the user takes action to acknowledge the agreement.

If the banner screen allows continuation to the application server without user interaction, this is a finding.

Check Content Reference

M

Target Key

2900

Comments