Fly Server must have no local accounts for the user interface.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-283938 | SRG-APP-000150 | FLYS-00-000110 | SV-283938r1223357_rule | 2026-06-15 | 1 |
Description
To ensure accountability and prevent unauthenticated access, nonprivileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system.
Multifactor authentication uses two or more factors to achieve authentication.
Factors include:
(i) Something you know (e.g., password/PIN);
(ii) Something you have (e.g., cryptographic identification device, token); or
(iii) Something you are (e.g., biometric).
A nonprivileged account is any information system account with authorizations of a nonprivileged user.
Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection.
Applications integrating with the DoW Active Directory and utilize the DoW CAC are examples of compliant multifactor authentication solutions.
Satisfies: SRG-APP-000150, SRG-APP-000023, SRG-APP-000024, SRG-APP-000065, SRG-APP-000148, SRG-APP-000153, SRG-APP-000154, SRG-APP-000155, SRG-APP-000156, SRG-APP-000157, SRG-APP-000163, SRG-APP-000175, SRG-APP-000176, SRG-APP-000177, SRG-APP-000178, SRG-APP-000180, SRG-APP-000183, SRG-APP-000318, SRG-APP-000345, SRG-APP-000389, SRG-APP-000391, SRG-APP-000392, SRG-APP-000394, SRG-APP-000395, SRG-APP-000400, SRG-APP-000401, SRG-APP-000402, SRG-APP-000403, SRG-APP-000404, SRG-APP-000405, SRG-APP-000410, SRG-APP-000427, SRG-APP-000580, SRG-APP-000700, SRG-APP-000705, SRG-APP-000710, SRG-APP-000740, SRG-APP-000815, SRG-APP-000820, SRG-APP-000825, SRG-APP-000830, SRG-APP-000835, SRG-APP-000840, SRG-APP-000845, SRG-APP-000850, SRG-APP-000855, SRG-APP-000860, SRG-APP-000865, SRG-APP-000870, SRG-APP-000875, SRG-APP-000880, SRG-APP-000885, SRG-APP-000890
ℹ️ Check
Once Active Directory is configured in FLYS-00-000055, all local users must be removed.
Check the Fly Server User settings:
- On the Management >> Account Manager tab, view the list of users.
- User accounts tied to an Active Directory domain will be defined as [domainname]\[username].
If any of the users listed are not tied to Active Directory, this is a finding.
✔️ Fix
Once Active Directory is configured in FLYS-00-000055, remove all local users:
- On the Management >> Account Manager tab, remove all local users.