Skip to content

Application Server Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The application server must log the enforcement actions used to restrict access associated with changes to the application server.

    <VulnDiscussion>Without logging the enforcement of access restrictions against changes to the application server configuration, it will be di...
    Rule Medium Severity
  • SRG-APP-000389

    <GroupDescription></GroupDescription>
    Group
  • The application server must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

    &lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When applica...
    Rule Medium Severity
  • SRG-APP-000391

    <GroupDescription></GroupDescription>
    Group
  • The application server must accept Personal Identity Verification (PIV) credentials to access the management interface.

    &lt;VulnDiscussion&gt;The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. PIV credentials are only...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules