STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 21 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

AvePoint Fly Server Security Technical Implementation Guide

Version

V1R1

Release Date

Jun 15, 2026

SCAP Benchmark ID

AvePoint_Fly_Server_STIG

Total Checks

22

Tags

other
CAT I: 4CAT II: 17CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of War (DoW) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (22)

V-283924MEDIUMFly Server must limit the number of concurrent sessions for all accounts and/or account types.V-283925MEDIUMFly Server must automatically disable accounts after a 35-day period of account inactivity.V-283926MEDIUMFly Server must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.V-283927MEDIUMFly Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) and vulnerability assessments.V-283928HIGHFly Server must use an approved DoW enterprise identity, credential, and access management (ICAM) solution to uniquely identify and authenticate organizational users.V-283929MEDIUMFly Server must enforce a minimum 15-character password length.V-283930MEDIUMFly Server must enforce password complexity by requiring that at least one uppercase character be used.V-283931MEDIUMFly Server must enforce password complexity by requiring that at least one lowercase character be used.V-283932MEDIUMFly Server must enforce password complexity by requiring that at least one numeric character be used.V-283933MEDIUMFly Server must enforce password complexity by requiring that at least one special character be used.V-283934MEDIUMFly Server must require the change of at least eight of the total number of characters when passwords are changed.V-283935MEDIUMFly Server must enforce 24 hours/1 day as the minimum password lifetime.V-283936MEDIUMFly Server must terminate sessions after 10 minutes.V-283937MEDIUMFly Server must notify system administrators (SAs) and the information system security officer (ISSO) for all account-related events.V-283938HIGHFly Server must have no local accounts for the user interface.V-283939HIGHFly Server must have local authentication disabled.V-283941MEDIUMFly Server must only allow the use of DoW PKI established certificate authorities for verification of the establishment of protected sessions.V-283942LOWFly Server must be configured to use an enterprise database solution.V-284007MEDIUMFly Server must enforce a role-based access control (RBAC) policy over defined subjects and objects.V-284030MEDIUMFly Server must automatically check for updates weekly.V-284031MEDIUMFly Server must be updated within 30 days of an update release.V-284032HIGHFly Server must be a version supported by the vendor.