← Back to Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide

V-256946

CAT II (Medium)

All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.

Rule ID

SV-256946r960963_rule

STIG

Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide

Version

V2R3

CCIs

None

Discussion

Web servers require enterprise-wide user management capability in order to prevent unauthorized access, with features like attempt lockouts and password complexity requirements. Unauthorized access to the web server makes the web server and the organization vulnerable to attack. Note: The underlying NGINX web server does not perform user management or authentication. The Automation Controller includes user management and authentication capabilities. However, the user management controls built into Automation Controller may not be sufficient to enforce the appropriate level of password, sessions, and other policies required. It is strongly recommended that Automation Controller be configured to use the organization's Identity Management/Authentication Service. This may be an AD/LDAP service, OIDC, or other supported authentication service.

Check Content

As a system administrator for each Automation Controller NGINX web server host, navigate to Settings >> Authentication.

Review the configuration and verify that the appropriate authentication service is configured.

If no authentication service is configured, this is a finding.

Fix Text

As a system administrator for each Automation Controller NGINX web server host, navigate to Settings >> Authentication.

Configure the appropriate authentication service.