
The application server must protect the confidentiality of applications and leverage transmission protection mechanisms such as TLS and SSL VPN when deploying applications.


Overview

Finding ID: V-35425
Version: SRG-APP-000230-AS-000155
Rule ID: SV-46712r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Preventing the disclosure of transmitted information requires that applications employ some form of cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS), an SSL VPN, or an IPsec tunnel. If the application server (AS) does not protect the application files that are created before and during the application deployment process, there is a risk that the application could be compromised prior to deployment.
STIG: Application Server Security Requirements Guide
Date: 2013-01-08

Details

Check Text (C-43776r1_chk)
Review the AS configuration to verify that the AS protects application files that are consolidated in preparation for deployment. Protection functionality is usually in the form of OS-related file permission protections. When deploying application files, the AS needs to leverage transmission protection mechanisms, such as TLS, SSL or VPN. If the AS is not configured to protect application files, this is a finding.
Fix Text (F-39969r1_fix)
Configure the AS to protect the confidentiality of application files prior to deployment and utilize data encryption such as TLS, an SSL VPN, or an IPsec tunnel when deploying the application.
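One way to automate the two parts of the Check Text on a POSIX host, as an added example that is not part of the SRG: it audits a staging directory for files exposed through OS file permissions and checks that a deployment URL uses a TLS scheme. The function names, the `TLS_SCHEMES` set, the permission thresholds and the sample paths and URLs are assumptions made for illustration.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Assumption: URL schemes this site treats as TLS-protected deployment channels.
TLS_SCHEMES = {"https", "ftps"}

def audit_staging(root):
    """Return (path, reason) for each staged entry that other users can
    access or that the group can write (assumed policy thresholds)."""
    entries = [root]
    for dirpath, dirs, files in os.walk(root):
        entries += [os.path.join(dirpath, name) for name in dirs + files]
    findings = []
    for path in entries:
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            findings.append((path, "symlink, target not checked"))
        elif mode & stat.S_IRWXO:
            findings.append((path, "accessible to other users (mode %04o)" % stat.S_IMODE(mode)))
        elif mode & stat.S_IWGRP:
            findings.append((path, "group-writable (mode %04o)" % stat.S_IMODE(mode)))
    return findings

def audit_target(url):
    """Return a reason string if the deployment URL is not TLS-protected, else None.
    A VPN or IPsec tunnel is not visible in a URL and must be verified separately."""
    scheme = urlsplit(url).scheme.lower()
    if scheme in TLS_SCHEMES:
        return None
    return "scheme %r is not TLS-protected" % scheme

if __name__ == "__main__":
    # Constructed sample: one owner-only file and one world-readable file.
    staging = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    for name, mode in (("app.war", 0o600), ("db.properties", 0o644)):
        path = os.path.join(staging, name)
        open(path, "w").close()
        os.chmod(path, mode)
    for path, reason in audit_staging(staging):
        print("FINDING", path, reason)
    for url in ("https://as.example.internal:8443/deploy",
                "http://as.example.internal:8080/deploy"):
        print(url, audit_target(url) or "ok")
```

Any entry returned by `audit_staging`, or a non-`None` result from `audit_target` with no tunnel in place, corresponds to the finding condition in the Check Text.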