Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must associate security attributes with information exchanged between information systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35361 | SRG-APP-000203-AS-000143 | SV-46648r1_rule | Medium |
| Description |
|---|
| When data is exchanged between information systems, the security attributes associated with said data needs to be maintained. Application servers provide a capability to exchange data between multiple web service hops. In application server terms, this is referred to as message layer security. While transport layer security ensures data security between two points, message layer security is built into the message itself and provides security across multiple hops. Policy sets are used to specify how the message is to be protected (e.g., encrypt the entire message, portions of the message, or just sign the message). The application server must bind policy sets to messages when message layer security is employed. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43726r1_chk ) |
|---|
| Review AS documentation to validate the AS binds policy sets with information exchanged between information systems. If the AS does not bind policy sets with information exchanged between information systems, this is a finding. |
| Fix Text (F-39908r1_fix) |
|---|
| Configure the AS to bind policy sets that are used to protect messages. |