V-204714
SV-204714r960846_rule
CAT II
The application server management interface must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
From: Application Server Security Requirements Guide (V4R4)
Description
<VulnDiscussion>To establish acceptance of system usage policy, a click-through banner at the application server management interface logon is required. The banner shall prevent further activity on the application server unless and until the user executes a positive action to manifest agreement by clicking on a box indicating "OK".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review application server management interface product documentation and configuration to determine that the logon banner can be displayed until the user takes action to acknowledge the agreement.
If the banner screen allows continuation to the application server without user interaction, this is a finding.
Fix Text
Configure the application server management interface to retain the logon banner on the screen until the user takes explicit action to logon to the server.
CCI Reference
CCI-000050- Created
- 2026-04-07 20:08:11
- Last Updated
- 2026-04-07 20:08:11