
The designer and IAO will ensure digital signatures exist on UDDI registry entries to verify the publisher.


Overview

Finding ID: V-19696
Version: APP3830
Rule ID: SV-21837r1_rule
IA Controls: DCSQ-1
Severity: Medium
Description
UDDI registries must provide digital signatures for verification of integrity of the publisher of each web service contained within the registry. Without a digital signature associated with each web service, users publishing to the UDDI repository could potentially set up multiple fraudulent web services.
STIG: Application Security and Development Checklist
Date: 2014-12-22

Details

Check Text (C-24093r1_chk)
If the application does not utilize UDDI registries or if the application utilizes the DISA PEO-GES managed UDDI registry and the DISA PEO-GES registry employs processes/procedures that control user access for publishing to the UDDI registry, this check is not applicable.

Ask the application representative for the URL for the WSDL for all web services used in the application. Download each WSDL entry using a web browser and verify each entry has been signed by a publisher certificate.

1) If any WSDL entry has not been signed, it is a finding.
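
One way to triage the check above across many entries, as an added example that is not part of the STIG: it assumes the registry entries are UDDI v3 entities carrying an XML-DSig `ds:Signature` child with an embedded X.509 certificate, and the sample XML, keys and function names are constructed. It reports presence and structure only; the signature value and the certificate chain to a trusted publisher CA still have to be validated with an XML-DSig library.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
UDDI = "{urn:uddi-org:api_v3}"
# UDDI v3 entity element -> its key attribute
ENTITIES = {"businessEntity": "businessKey", "businessService": "serviceKey",
            "bindingTemplate": "bindingKey", "tModel": "tModelKey"}
# Parts assumed necessary for a publisher-certificate signature (assumption of this example)
REQUIRED = {
    "SignedInfo": f"{DSIG}SignedInfo",
    "SignatureValue": f"{DSIG}SignatureValue",
    "X509Certificate": f"{DSIG}KeyInfo/{DSIG}X509Data/{DSIG}X509Certificate",
}

# Constructed sample: one signed entry, one unsigned, one signed without a certificate
SAMPLE = """<serviceList xmlns="urn:uddi-org:api_v3"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <businessService serviceKey="uddi:example.test:svc-a"><name>A</name>
    <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>AAAA</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></ds:Signature>
  </businessService>
  <businessService serviceKey="uddi:example.test:svc-b"><name>B</name></businessService>
  <businessService serviceKey="uddi:example.test:svc-c"><name>C</name>
    <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  </businessService>
</serviceList>"""

def signature_status(entity):
    sig = entity.find(f"{DSIG}Signature")  # direct child of the entity only
    if sig is None:
        return "unsigned"
    missing = [name for name, path in REQUIRED.items() if sig.find(path) is None]
    return "incomplete: " + ", ".join(missing) if missing else "signature present"

def audit_registry(xml_text):
    """Map each entity key to its signature status."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted registries
    report = {}
    for tag, key_attr in ENTITIES.items():
        for entity in root.iter(f"{UDDI}{tag}"):
            report[entity.get(key_attr, "<no key>")] = signature_status(entity)
    return report

def findings(report):
    """Entity keys that would be reported as a finding under this check."""
    return sorted(k for k, status in report.items() if status != "signature present")

if __name__ == "__main__":
    print(findings(audit_registry(SAMPLE)))
```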

Fix Text (F-23049r1_fix)
Add digital signatures to UDDI registries.