User tokens are not forced to authenticate to the Sun Ray Server.

From Sun Ray 4 STIG

Part of Users are not forced to authenticate to SRSS.

Associated with IA controls: IAIA-2, IAIA-1

SV-17049r2_rule User tokens are not forced to authenticate to the Sun Ray Server.

Vulnerability discussion

The Sun Ray Server must be configured to permit access only to smart cards that are registered in the Sun Ray Datastore.

Check content

Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the System Policy Tab. 3. Verify the Card Users Access has "Users with Registered Tokens" selected. 4. If Access is set to "None" or "All Users", this is a finding

Fix text

Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the System Policy Tab. 3. Check the Card Users Access for “Users with Registered Tokens"

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer