UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must validate the integrity of security attributes exchanged between systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35368 SRG-APP-000204-AS-000144 SV-46655r1_rule Medium
Description
Application servers provide a capability to exchange data between multiple web service hops. In application server terms, this is referred to as message layer security. While transport layer security ensures data security between two points, message layer security is built into the message itself and provides security across multiple hops. When data is exchanged between information systems, the integrity of said data needs to be validated. Application servers must be able to validate the integrity of data messages. This is accomplished via the use of cryptographic means such as utilizing cryptographic signatures and data signing.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43730r1_chk )
Review AS documentation to validate the AS is capable of cryptographically signing the messages that are exchanged between other AS systems. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39912r1_fix)
Configure the AS to cryptographically sign messages when specified by application design or policy.