STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM Aspera Platform 4.2 Security Technical Implementation Guide

V-252640

CAT II (Medium)

The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.

Rule ID

SV-252640r818090_rule

STIG

IBM Aspera Platform 4.2 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000382

Discussion

By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure of privileged accounts. By default, all system users can establish a FASP connection and are only restricted by file permissions.

Check Content

Verify the Aspera High-Speed Transfer Server restricts the use of the root account for transfers with the following command:

Warning: If an invalid user/group name is entered, the asuserdata command will return results that may appear accurate. Ensure that the user/group name is valid and entered into the command correctly.

$ sudo /opt/aspera/bin/asuserdata -u root | grep allowed | grep true

If results are returned from the above command, this is a finding.

Fix Text

Configure the Aspera High-Speed Transfer Server to restrict the use of the root account for transfers.

For each privilege that is set to "true", run the following command:

$ sudo /opt/aspera/bin/asconfigurator -x "set_user_data;user_name,root;<privilege>,false"

Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service