UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must bind digital signatures to software components and applications in process.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35079 SRG-APP-000007-AS-000003 SV-46366r1_rule Medium
Description
If the application server does not maintain the data security attributes while it processes the data, there is a risk of data compromise. Encryption, particularly digital signatures, is utilized to assure the validity of data. Digital signatures must be bound to AS processes or applications that utilize the AS when required as per data owner or classification level. Encryption is also resource intensive and sometimes only a particular sub-component may require encryption. Therefore the AS must also be capable of digitally signing the designated parts of components. For example, that would mean signing a portion of a web services message rather than the entire message.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43466r2_chk )
Review system documentation to determine if the AS binds digital signatures to designated parts of messages when those messages are processed. If these bindings are not maintained, this is a finding.
Fix Text (F-39630r3_fix)
Configure the AS to bind digital signatures to designated parts of messages in process.