V-222430
Application Security and Development Security Technical Implementation Guide
Title
The application must execute without excessive account permissions.
Description
Applications are often designed to utilize a user account. The account represents a means to control application permissions and access to OS resources, application resources or both. When the application is designed and installed, care must be taken not to assign excessive permissions to the user account that is used by the application. An application operating with unnecessary privileges can potentially give an attacker access to the underlying operating system or if the...
Fix Text (Documentation Requirement)
Configure the application accounts with minimal privileges. Do not allow the application to operate with admin credentials.