Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Messages protected with WS_Security must use time stamps with creation and expiration times.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69279 | APSC-DV-000190 | SV-83901r1_rule | High |
| Description |
|---|
| The lack of time stamps could lead to the eventual replay of the message, leaving the application susceptible to replay events which may result in an immediate loss of confidentiality. |
| STIG | Date |
|---|---|
| Application Security and Development Security Technical Implementation Guide | 2017-03-20 |
Details
| Check Text ( C-69687r1_chk ) |
|---|
| Ask the application representative for the design document. Review the design document for web services using WS-Security tokens. If the application does not utilize WS-Security tokens, this check is not applicable. Examine the contents of a SOAP message using WS Security; all messages should contain time stamps, sequence numbers, and expiration. If messages using WS Security do not contain time stamps, sequence numbers, and expiration, this is a finding. |
| Fix Text (F-75449r1_fix) |
|---|
| Design and configure applications using WS-Security messages to use time stamps with creation and expiration times and sequence numbers. |