Free DISA STIG and SRG Library | Vaulted

V-35299

The application server must use an enterprise user management system to uniquely identify and authenticate users (or processes acting on behalf of organizational users).

Finding ID
SRG-APP-000148-AS-000101
Rule ID
SV-46586r3_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000148-AS-000101
CCI
CCI-000764
Target Key
(None)
Documentable
No
Discussion

To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is either local (OS-based) or centralized (LDAP) in nature. To ensure support to the enterprise, the authentication must utilize an enterprise solution.

Fix Text

Configure the application server to use an enterprise user management system to uniquely identify and authenticate users and processes acting on behalf of organizational users.

Check Content

Review application server documentation and configuration settings to determine if the application server is using an enterprise solution to authenticate organizational users and processes running on the users' behalf. If an enterprise solution is not being used, this is a finding.