STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:SV-222527r508029_rule
V-222527
SRG-APP-000151
APSC-DV-001590
CAT II
10
Configure the application to only use Alt. Tokens when locally accessing privileged application accounts.
Review the application documentation and interview the application administrator to identify application access methods.
Ask the application administrator to present both their primary CAC and their Alt. Token. Ask the application administrator to log on to the application using the local application console.
Attempt to use both the CAC and Alt. Tokens to authenticate to the application.
Validate the application requests the user to input their CAC PIN and that they cannot perform administrative functions.
Have user logoff and reauthenticate with their Alt. Token and that they can perform administrative functions.
If the application allows administrative access to the application without requiring an Alt. Token, this is a finding.
V-222527
False
APSC-DV-001590
Review the application documentation and interview the application administrator to identify application access methods.
Ask the application administrator to present both their primary CAC and their Alt. Token. Ask the application administrator to log on to the application using the local application console.
Attempt to use both the CAC and Alt. Tokens to authenticate to the application.
Validate the application requests the user to input their CAC PIN and that they cannot perform administrative functions.
Have user logoff and reauthenticate with their Alt. Token and that they can perform administrative functions.
If the application allows administrative access to the application without requiring an Alt. Token, this is a finding.
M
4093