The application server must use an enterprise user management system to uniquely identify and authenticate users (or processes acting on behalf of organizational users).
An XCCDF Rule
Description
<VulnDiscussion>To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is either local (OS-based) or centralized (LDAP) in nature. To ensure support to the enterprise, the authentication must utilize an enterprise solution.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-204745r879589_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the application server to use an enterprise user management system to uniquely identify and authenticate users and processes acting on behalf of organizational users.