IBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

An XCCDF Rule

Description

Lack of authentication enables anyone to gain access to the network or possibly a network element that provides opportunity for intruders to compromise resources within the network infrastructure. By identifying and authenticating non-organizational users, their access to network resources can be restricted accordingly. IBM Aspera Faspex external users must register for an account and be authenticated before downloading a package. This authentication is conducted by the IBM Aspera Faspex server using password authentication.

ID: SV-252584r818985_rule
Version: ASP4-FA-050200
Severity: Medium
References: CCI-000804
Updated: 15 days ago

Remediation Templates

To configure Aspera Faspex to authenticate all external recipients of Faspex packages before they can download packages or files within packages: 

- Log in to the IBM Aspera Faspex web page as a user with administrative privilege. 
- Select the "Server" tab.
- Select the "Configuration" tab.
- Select the "Security" option from the left menu.- Check the option "Require external users to register" under the "Registrations" heading.
- Select the "Moderated" option from the picklist for "Self registration" under the Registrations heading.
- Select "Update" at the bottom of the page.

IBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

Description

Remediation Templates

A Manual Procedure