Released 2023-04-10
| STIG ID | Title |
|---|---|
| APAS-AT-000010 | Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. |
| APAS-AT-000011 | Automation Controller must use encryption strength in accordance with the categorization of the management data during remote access management sessions. |
| APAS-AT-000012 | Automation Controller must implement cryptography mechanisms to protect the integrity of information. |
| APAS-AT-000015 | The Automation Controller management interface must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system. |
| APAS-AT-000017 | Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation. |
| APAS-AT-000031 | Automation Controller must allocate log record storage capacity and shut down by default upon log failure (unless availability is an overriding concern). |
| APAS-AT-000032 | Automation Controller must be configured to fail over to another system in the event of log subsystem failure. |
| APAS-AT-000034 | Automation Controller's log files must be accessible by explicitly defined privilege. |
| APAS-AT-000044 | Automation Controller must be capable of reverting to the last known good configuration in the event of failed installations and upgrades. |
| APAS-AT-000047 | Automation Controller must be configured to use an enterprise user management system. |
| APAS-AT-000050 | Automation Controller must be configured to authenticate users individually, prior to using a group authenticator. |
| APAS-AT-000055 | Automation Controller must utilize encryption when using LDAP for authentication. |
| APAS-AT-000078 | Automation Controller must use cryptographic mechanisms to protect the integrity of log tools. |
| APAS-AT-000093 | Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source. |
| APAS-AT-000110 | Automation Controller must only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. |
| APAS-AT-000122 | Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs). |