
The designer will ensure all access authorizations to data are revoked prior to initial assignment, allocation or reallocation to an unused state.


Overview

Finding ID: V-6142
Version: APP3240
Rule ID: SV-6142r1_rule
IA Controls: ECRC-1
Severity: Medium
Description
DoD data may be compromised if applications do not protect residual data in objects when they are allocated to an unused state. Access authorizations to data should be revoked prior to initial assignment, allocation or reallocation to an unused state because subsequent use of the object could allow access to the residual data.
STIG: Application Security and Development Checklist
Date: 2014-12-22

Details

Check Text ( C-2956r1_chk )
Ask the application for the design document. Review the design document to ensure the application handles objects so that no residual data exists when reusing objects. No information, including encrypted representations of information, produced by prior actions is available to any subsequent use of the object. There should be no residual data from the former object.

Verify that, per the design document, objects which are reused within the application do not contain any residual information.

1) If the design document does not exist or does not address object reuse, it is a finding.
Fix Text (F-17013r1_fix)
Revoke access authorizations to data prior to initial assignment, allocation, or reallocation to an unused state.
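
An added example, not part of the STIG text: a minimal C object pool showing one way to satisfy this requirement, where release revokes the owner's authorization and scrubs the buffer before the slot returns to the unused state, and allocation scrubs again before assignment. The `slot` structure, the function names and the owner ids are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define POOL_SLOTS 4
#define SLOT_BYTES 64

/* Hypothetical pooled object; owner_id models the access authorization. */
struct slot { int in_use; int owner_id; unsigned char data[SLOT_BYTES]; };
static struct slot pool[POOL_SLOTS];

/* Zero through a volatile pointer so the stores are not removed as dead writes. */
static void scrub(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}

/* Reallocation to an unused state: revoke authorization, then clear residual data. */
void slot_release(struct slot *s) {
    s->owner_id = 0;                 /* 0 = nobody authorized */
    scrub(s->data, sizeof s->data);
    s->in_use = 0;
}

/* Allocation: scrub again so a slot is clean even if a release was skipped. */
struct slot *slot_acquire(int owner_id) {
    for (size_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        scrub(pool[i].data, sizeof pool[i].data);
        pool[i].in_use = 1;
        pool[i].owner_id = owner_id;
        return &pool[i];
    }
    return NULL;                     /* pool exhausted */
}

/* Only the current owner of an in-use slot may read it. */
const unsigned char *slot_read(const struct slot *s, int caller_id) {
    return (s->in_use && s->owner_id == caller_id) ? s->data : NULL;
}

/* Returns 1 when the slot holds no residual bytes. */
int slot_is_clean(const struct slot *s) {
    for (size_t i = 0; i < SLOT_BYTES; i++)
        if (s->data[i]) return 0;
    return 1;
}

int main(void) {
    struct slot *a = slot_acquire(101);          /* constructed owner ids */
    memcpy(a->data, "constructed-secret", 18);   /* constructed sample data */
    slot_release(a);
    struct slot *b = slot_acquire(202);          /* same slot, new owner */
    printf("clean=%d old_owner_denied=%d\n", slot_is_clean(b), slot_read(b, 101) == NULL);
}
```

A design document that addresses object reuse would describe where these two steps, revocation and clearing, happen for each pooled or recycled object type.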