Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35127 | SRG-APP-000007-AS-000004 | SV-46414r1_rule | | Medium |
Description |
---|
If the application does not maintain the data security attributes while it processes the data, there is a risk of data compromise. Encryption is utilized to assist in the maintenance of data security attributes. Encryption is also resource intensive, and sometimes only a particular sub-component of a web services message or application may require encryption. The application server (AS) must be capable of verifying the digital signatures attached to any and all parts of messages and applications. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-43515r1_chk) |
---|
Review system documentation to determine if the AS verifies the digital signatures attached to messages when those messages are processed. If these verifications are not performed, this is a finding. |
Fix Text (F-39679r2_fix) |
---|
Configure the AS to verify digital signatures attached to messages and applications. |