The IAO will ensure if the UDDI registry contains sensitive information and read access to the UDDI registry is granted only to authenticated users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19700 | APP6320 | SV-21841r1_rule | ECCR-1 ECCR-2 | Medium |
| Description |
|---|
| If a UDDI registry contains sensitive data, the repository should require authentication to read the UDDI data repository. If the repository does not require authentication, the UDDI data repository will be accessed by anonymous users. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-24097r1_chk ) |
|---|
| If the application does not utilize UDDI registries, this check is not applicable. Ask the application representative to demonstrate authentication is required when UDDI registry contains sensitive information. 1) If the application representative is unable to demonstrate authentication is required when UDDI registry contains sensitive information, it is a finding. |
| Fix Text (F-23074r1_fix) |
|---|
| Add access control mechanism for access to sensitive UDDI XML. |