Skip to content

The Automation Controller web server must manage sessions.

An XCCDF Rule

Description

<VulnDiscussion>Session management on client and server is required to protect identity and authorization information. Sessions for the Automation Controller web server, if compromised, could lead to execution of jobs on remote endpoints as if authenticated. Satisfies: SRG-APP-000001-WSR-000002, SRG-APP-000001-WSR-000001, SRG-APP-000295-WSR-000012, SRG-APP-000295-WSR-000134</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-256940r903545_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Log in to Automation Controller as an administrator and navigate to Settings >> System >> Miscellaneous Authentication.

Click "Edit".

Set the following parameters: