SV-222556r508029_rule
V-222556
SRG-APP-000180
APSC-DV-001870
CAT II
10
Configure the application to identify and authenticate all non-organizational users.
Review the application documentation and interview the application administrator.
If the application does not host non-organizational users, this requirement is not applicable.
Review the application and verify authentication is enabled and required in order for users to access the application.
Review the application user base and determine if all user accounts are documented and assigned to a unique individual.
Review risk acceptance documentation to determine if there are specific accesses identified that do not require authentication.
If the application does not identify and authenticate non-organizational users and there is no risk acceptance documentation approving the exception, this is a finding.
False
M
4093