STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

DISA Rule

SV-204750r508029_rule

Vulnerability Number

V-204750

Group Title

SRG-APP-000163

Rule Version

SRG-APP-000163-AS-000111

Severity

CAT II

CCI(s)

• CCI-000795 - The organization manages information system identifiers by disabling the identifier after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the application server to disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

Check Contents

Review the application server documentation and configuration to ensure the application server disables identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

If the application server is not configured to disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity, this is a finding.

Vulnerability Number

V-204750

Documentable

False

Rule Version

SRG-APP-000163-AS-000111

Severity Override Guidance

Review the application server documentation and configuration to ensure the application server disables identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

If the application server is not configured to disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity, this is a finding.

Check Content Reference

M

Target Key

2900

Comments