OpenControls Logo

STIG Viewer

All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-256946APWS-AT-000250SV-256946r960963_ruleCCI-000381medium
Description
Web servers require enterprise-wide user management capability in order to prevent unauthorized access, with features like attempt lockouts and password complexity requirements. Unauthorized access to the web server makes the web server and the organization vulnerable to attack. Note: The underlying NGINX web server does not perform user management or authentication. The Automation Controller includes user management and authentication capabilities. However, the user management controls built into Automation Controller may not be sufficient to enforce the appropriate level of password, sessions, and other policies required. It is strongly recommended that Automation Controller be configured to use the organization's Identity Management/Authentication Service. This may be an AD/LDAP service, OIDC, or other supported authentication service.
STIGDate
Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide2024-08-27

Related Frameworks

3 paths across 3 frameworks
NIST 800-531 mapping
CM-7
1.00
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
  • DISA · 2 · disa_xccdf · related

Details

Check Text (C-256946r960963_chk)

As a system administrator for each Automation Controller NGINX web server host, navigate to Settings >> Authentication. Review the configuration and verify that the appropriate authentication service is configured. If no authentication service is configured, this is a finding.

Fix Text (F-60563r902351_fix)

As a system administrator for each Automation Controller NGINX web server host, navigate to Settings >> Authentication. Configure the appropriate authentication service.