IBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

An XCCDF Rule

Description

<VulnDiscussion>Lack of authentication enables anyone to gain access to the network or possibly a network element that provides opportunity for intruders to compromise resources within the network infrastructure. By identifying and authenticating non-organizational users, their access to network resources can be restricted accordingly. IBM Aspera Faspex external users must register for an account and be authenticated before downloading a package. This authentication is conducted by the IBM Aspera Faspex server using password authentication.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252584r818985_rule
Severity: Medium
References: CCI-000804
Updated: about 1 year ago

To configure Aspera Faspex to authenticate all external recipients of Faspex packages before they can download packages or files within packages: 

- Log in to the IBM Aspera Faspex web page as a user with administrative privilege. 
- Select the "Server" tab.
- Select the "Configuration" tab.
- Select the "Security" option from the left menu.- Check the option "Require external users to register" under the "Registrations" heading.
- Select the "Moderated" option from the picklist for "Self registration" under the Registrations heading.
- Select "Update" at the bottom of the page.

IBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

Description

Remediation - Manual Procedure