Applications must protect the integrity of transmitted information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-27057 | SRG-APP-NA | SV-34352r1_rule | Medium |
| Description |
|---|
| Ensuring the integrity of transmitted information requires that applications take feasible measures to employ security during data transport. Examples include but are not limited to SSL, TLS and IPSEC, and VPN. This requirement applies to communications across internal and external networks. If the organization is relying on a commercial service provider for transmission services as a commodity item rather than a fully dedicated service, it may be more difficult to obtain the necessary assurances regarding the implementation of needed security controls for transmission integrity. When it is infeasible or impractical to obtain the necessary security controls and assurances of control effectiveness through appropriate contracting vehicles, the organization either implements appropriate compensating security controls or explicitly accepts the additional risk. This is a network requirement regarding the use of dedicated circuits and does not apply to applications. |
| STIG | Date |
|---|---|
| Application Security Requirements Guide | 2011-12-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |