STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM Aspera Platform 4.2 Security Technical Implementation Guide

V-252645

CAT II (Medium)

The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder.

Rule ID

SV-252645r818105_rule

STIG

IBM Aspera Platform 4.2 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000382

Discussion

By restricting the default document root for the Aspera HSTS, this allows for explicit access to be defined on a per user basis. By default, all system users can establish a FASP connection and are only restricted by file permissions.

Check Content

Verify the Aspera High-Speed Transfer Server set the default docroot to an empty folder.

Check that the default docroot points to an empty folder with the following command:

$ sudo /opt/aspera/bin/asuserdata -a | grep absolute

canonical_absolute: "<someemptyfolder>"
absolute: "<someemptyfolder>"

If the default docroot is set to "<Empty String>", this is a finding.

Review the default docroot file path from the previous command to ensure it is empty.

$ sudo find <somefilepath> -maxdepth 0 -empty -exec echo {} is empty. \;

<somefilepath> is empty.

If the command does not return "<somefilepath> is empty.", this is a finding.

Fix Text

Configure the Aspera High-Speed Transfer Server to set the default docroot to an empty folder with the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_node_data;canonical_absolute,<someemptyfolder>; absolute,<someemptyfolder>"

Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service