Fly Server must have no local accounts for the user interface.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-283938 | FLYS-00-000110 | SV-283938r1223357_rule | CCI-000766 | high |
| Description | ||||
| To ensure accountability and prevent unauthenticated access, nonprivileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) Something you know (e.g., password/PIN); (ii) Something you have (e.g., cryptographic identification device, token); or (iii) Something you are (e.g., biometric). A nonprivileged account is any information system account with authorizations of a nonprivileged user. Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection. Applications integrating with the DoW Active Directory and utilize the DoW CAC are examples of compliant multifactor authentication solutions. Satisfies: SRG-APP-000150, SRG-APP-000023, SRG-APP-000024, SRG-APP-000065, SRG-APP-000148, SRG-APP-000153, SRG-APP-000154, SRG-APP-000155, SRG-APP-000156, SRG-APP-000157, SRG-APP-000163, SRG-APP-000175, SRG-APP-000176, SRG-APP-000177, SRG-APP-000178, SRG-APP-000180, SRG-APP-000183, SRG-APP-000318, SRG-APP-000345, SRG-APP-000389, SRG-APP-000391, SRG-APP-000392, SRG-APP-000394, SRG-APP-000395, SRG-APP-000400, SRG-APP-000401, SRG-APP-000402, SRG-APP-000403, SRG-APP-000404, SRG-APP-000405, SRG-APP-000410, SRG-APP-000427, SRG-APP-000580, SRG-APP-000700, SRG-APP-000705, SRG-APP-000710, SRG-APP-000740, SRG-APP-000815, SRG-APP-000820, SRG-APP-000825, SRG-APP-000830, SRG-APP-000835, SRG-APP-000840, SRG-APP-000845, SRG-APP-000850, SRG-APP-000855, SRG-APP-000860, SRG-APP-000865, SRG-APP-000870, SRG-APP-000875, SRG-APP-000880, SRG-APP-000885, SRG-APP-000890 | ||||
| STIG | Date | |||
| AvePoint Fly Server Security Technical Implementation Guide | 2026-06-15 | |||
Details
Check Text (C-283938r1223357_chk)
Once Active Directory is configured in FLYS-00-000055, all local users must be removed.
Check the Fly Server User settings:
- On the Management >> Account Manager tab, view the list of users.
- User accounts tied to an Active Directory domain will be defined as [domainname]\[username].
If any of the users listed are not tied to Active Directory, this is a finding.
Fix Text (F-88408r1206167_fix)
Once Active Directory is configured in FLYS-00-000055, remove all local users:
- On the Management >> Account Manager tab, remove all local users.