Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35079 | SRG-APP-000007-AS-000003 | SV-46366r1_rule | | Medium |
Description |
---|
If the application server (AS) does not maintain the data security attributes while it processes the data, there is a risk of data compromise. Encryption, particularly digital signatures, is utilized to assure the validity of data. Digital signatures must be bound to AS processes or applications that utilize the AS when required by the data owner or classification level. Encryption is also resource intensive, and sometimes only a particular sub-component may require encryption. Therefore, the AS must also be capable of digitally signing the designated parts of components. For example, that would mean signing a portion of a web services message rather than the entire message. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-43466r2_chk) |
---|
Review system documentation to determine if the AS binds digital signatures to designated parts of messages when those messages are processed. If these bindings are not maintained, this is a finding. |
Fix Text (F-39630r3_fix) |
---|
Configure the AS to bind digital signatures to designated parts of messages in process. |