UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO will ensure if the UDDI registry contains sensitive information and read access to the UDDI registry is granted only to authenticated users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19700 APP6320 SV-21841r1_rule ECCR-1 ECCR-2 Medium
Description
If a UDDI registry contains sensitive data, the repository should require authentication to read the UDDI data repository. If the repository does not require authentication, the UDDI data repository will be accessed by anonymous users.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-24097r1_chk )
If the application does not utilize UDDI registries, this check is not applicable.

Ask the application representative to demonstrate authentication is required when UDDI registry contains sensitive information.

1) If the application representative is unable to demonstrate authentication is required when UDDI registry contains sensitive information, it is a finding.
Fix Text (F-23074r1_fix)
Add access control mechanism for access to sensitive UDDI XML.