STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must authenticate users individually prior to using a group authenticator.

DISA Rule

SV-204748r508029_rule

Vulnerability Number

V-204748

Group Title

SRG-APP-000153

Rule Version

SRG-APP-000153-AS-000104

Severity

CAT II

CCI(s)

• CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

10

Fix Recommendation

Configure the application server to authenticate users individually prior to allowing any group-based authentication.

Check Contents

Review the application server documentation and configuration to determine if the application server individually authenticates users prior to authenticating via a role or group.

Review application server logs to verify user accesses requiring authentication can be traced back to an individual account.

If the application server does not authenticate users on an individual basis, this is a finding.

Vulnerability Number

V-204748

Documentable

False

Rule Version

SRG-APP-000153-AS-000104

Severity Override Guidance

Review the application server documentation and configuration to determine if the application server individually authenticates users prior to authenticating via a role or group.

Review application server logs to verify user accesses requiring authentication can be traced back to an individual account.

If the application server does not authenticate users on an individual basis, this is a finding.

Check Content Reference

M

Target Key

2900

Comments