Rule ID
SV-279421r1192347_rule
Version
V1R1
Strong access controls are critical to securing the application server. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) must be implemented to control access between users (or processes acting on behalf of users) and objects (e.g., applications, files, records, processes, application domains) in the application server. Without stringent logical access and authorization controls, an adversary may have the ability, with very little effort, to compromise the application server and associated supporting infrastructure. Satisfies: SRG-APP-000033-AS-000024, SRG-APP-000340-AS-000185
Nutanix AOS supports user and group role mapping. Verify all users or groups match that of the documented mapping policies in the system security plan (SSP). 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Role mapping". For each user or group listed, verify the role granted is according to access control policies. If not, this is a finding.
Configure the user and group mappings to be compliant with the documented mapping policies defined by in the SSP. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Role mapping". 4. Add users and groups to role mappings per policy.