V-204782
SV-204782r961278_rule
CAT II
The application server must control remote access methods.
From: Application Server Security Requirements Guide (V4R4)
Description
<VulnDiscussion>Application servers provide remote access capability and must be able to enforce remote access policy requirements or work in conjunction with enterprise tools designed to enforce policy requirements. Automated monitoring and control of remote access sessions allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by logging connection activities of remote users.
Examples of policy requirements include, but are not limited to, authorizing remote access to the information system, limiting access based on authentication credentials, and monitoring for unauthorized access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review organization policy, application server product documentation and configuration to determine if the system enforces the organization's requirements for remote connections.
If the system is not configured to enforce these requirements, or the remote connection settings are not in accordance with the requirements, this is a finding.
Fix Text
Configure the application server to enforce remote connection settings.
CCI Reference
CCI-002314- Created
- 2026-04-07 20:08:11
- Last Updated
- 2026-04-07 20:08:11