
The designer will ensure the application uses mechanisms assuring the integrity of all transmitted information (including labels and security parameters).


Overview

Finding ID: V-16794
Version: APP3260
Rule ID: SV-17794r1_rule
IA Controls: ECTM-1, ECTM-2
Severity: Medium
Description
If integrity checks are not used to detect errors in data streams, there is no way to ensure the integrity of the application data as it traverses the network.
STIG: Application Security and Development Checklist
Date: 2014-01-07

Details

Check Text ( C-17782r1_chk )
Ask the application representative to demonstrate that the application supports mechanisms assuring the integrity of all transmitted information, including labels and security parameters. Ask the application representative to log in and demonstrate that the application supports integrity mechanisms for transmission of both incoming and outgoing files and any transmitted data. For example, hashing/digital signatures and cyclic redundancy checks (CRCs) can be used to confirm integrity on data streams and transmitted files. Any integrity checks must be implemented at the application level. Relying on integrity at the TCP or network packet level is not sufficient for transmitted information.

1) If the application does not support integrity mechanisms for any transmitted data, this is a finding.

2) If the application does not support integrity mechanisms for file transmission, this is a finding.

*Note: These checks apply to all data transmitted by REST-styled or SOAP-based Web Services.
Fix Text (F-17015r1_fix)
Implement integrity mechanisms for transmission of both incoming and outgoing data.
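
One way to meet the check at the application level, as an added example that is not part of the STIG text: a keyed hash (HMAC-SHA256) covering the payload together with its label and security parameters, verified by the receiver. The envelope field names, the sample label and the pre-shared demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment provisions keys out of band.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _canonical(envelope: dict) -> bytes:
    # Deterministic serialization so sender and receiver hash identical bytes.
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(payload: bytes, label: str, params: dict, key: bytes = DEMO_KEY) -> dict:
    """Sender side: bind payload, label and security parameters under one tag."""
    envelope = {
        "label": label,
        "params": params,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
    }
    tag = hmac.new(key, _canonical(envelope), hashlib.sha256).hexdigest()
    return {"envelope": envelope, "payload": payload, "tag": tag}


def verify(message: dict, key: bytes = DEMO_KEY) -> bool:
    """Receiver side: False if payload, label or parameters changed in transit."""
    envelope = message.get("envelope")
    tag = message.get("tag")
    payload = message.get("payload")
    if not isinstance(envelope, dict) or not isinstance(tag, str) or not isinstance(payload, bytes):
        return False  # malformed message is treated as an integrity failure
    expected = hmac.new(key, _canonical(envelope), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # label, parameters or payload digest were altered
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual.encode(), str(envelope.get("payload_sha256")).encode())


if __name__ == "__main__":
    # Constructed sample message for demonstration only.
    msg = protect(b"report body", "CONFIDENTIAL", {"releasable_to": ["ORG-A"]})
    print("untampered:", verify(msg))
    msg["envelope"]["label"] = "UNCLASSIFIED"  # simulated in-transit change
    print("label changed:", verify(msg))
```

Where sender and receiver cannot share a secret key, a digital signature over the same canonical envelope serves the same purpose.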