Title

Self-registration is permitted for users. (Cat I impact)

Discussion

Sun Ray Desktop Unit users are not registered centrally for users by the system administrator. With self-registration, the system administrator does not assign registered tokens to the authorized users. This poses a security risk since users may be able to register themselves in the Sun Ray administration database. If an unauthorized user obtains access to a Sun Ray Desktop unit, then that user may be able to start a session without any intervention from the system administrator.

Check Content

Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the System Policy Tab. 3. Verify the Non-Card Users Access has “Self Registration Allowed” not checked. 4. If Access is set to "Self-Registration Allowed", this is a finding.

Fix Text

Disable Self-Registration for all users. NIPRNET - Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the System Policy Tab. 3. Uncheck the Card Users Access for “Self Registration Allowed”. SIPRNET - Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the System Policy Tab. 3. Uncheck the Non-Card Users Access for “Self Registration Allowed”.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16064

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.