SV-222529r508029_rule
V-222529
SRG-APP-000153
APSC-DV-001610
CAT II
10
Design and configure the application to individually authenticate group account members prior to allowing access.
Review the application documentation, examine user accounts and group membership, and interview the application administrator to identify group or shared accounts. Document the group or shared account information.
If the application does not use group or shared accounts, this requirement is not applicable.
Create a test account or use an existing group member account.
Ensure the test account is not authenticated to the application and attempt to access the application with the group account credentials.
If the application allows access without first requiring the group member to authenticate with their individual credentials, this is a finding.
False
M
4093