The IAO will ensure an XML firewall is deployed to protect web services.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19694 | APP6300 | SV-21835r1_rule | DCSQ-1 | Medium |
| Description |
|---|
| Web Services are vulnerable to many types of attacks. XML based firewalls can be used to prevent common attacks. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-24091r1_chk ) |
|---|
| Ask the application representative to verify whether XML based web services are used within the application. If no XML based web services are used in the application, this check is not applicable. If XML based web services are used within the application, ask the application representative for a network diagram identifying the XML firewall placement. Review the network diagrams and determine if all web services are protected by the XML firewall. 1) If network diagrams do not exist or all web services are not protected by the XML firewall, it is a finding. |
| Fix Text (F-23072r1_fix) |
|---|
| Deploy XML Firewall to protect web services. |