Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-69279 | APSC-DV-000190 | SV-83901r1_rule | High |
Description |
---|
The lack of time stamps could lead to the eventual replay of the message, leaving the application susceptible to replay events which may result in an immediate loss of confidentiality. |
STIG | Date |
---|---|
Application Security and Development Security Technical Implementation Guide | 2017-03-20 |
Check Text ( C-69687r1_chk ) |
---|
Ask the application representative for the design document. Review the design document for web services using WS-Security tokens. If the application does not utilize WS-Security tokens, this check is not applicable. Examine the contents of a SOAP message using WS Security; all messages should contain time stamps, sequence numbers, and expiration. If messages using WS Security do not contain time stamps, sequence numbers, and expiration, this is a finding. |
Fix Text (F-75449r1_fix) |
---|
Design and configure applications using WS-Security messages to use time stamps with creation and expiration times and sequence numbers. |