Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must validate the binding of the information producers identity to the information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35138 | SRG-APP-000082-AS-000047 | SV-46425r1_rule | Medium |
| Description |
|---|
| Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. This non-repudiation control enhancement is intended to mitigate the risk that information gets modified between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Application servers must be able to authenticate digitally signed application deployment files. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43525r1_chk ) |
|---|
| Review product documentation and the AS deployment configuration to determine if the AS authenticates the digital certificates used to sign the application deployment files. If the AS does not meet this requirement, this is a finding. |
| Fix Text (F-39689r1_fix) |
|---|
| Configure the AS to authenticate digitally signed application deployment files. |