Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35425 | SRG-APP-000230-AS-000155 | SV-46712r1_rule | | Medium |
Description |
---|
Preventing the disclosure of transmitted information requires that applications employ some form of cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS), SSL VPN, or IPsec tunnel. If the application server (AS) does not protect the application files that are created before and during the application deployment process, there is a risk that the application could be compromised prior to deployment. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-43776r1_chk) |
---|
Review the AS configuration to verify that the AS protects application files that are consolidated in preparation for deployment. Protection functionality is usually in the form of OS-related file permission protections. When deploying application files, the AS needs to leverage transmission protection mechanisms, such as TLS, SSL or VPN. If the AS is not configured to protect application files, this is a finding. |
Fix Text (F-39969r1_fix) |
---|
Configure the AS to protect the confidentiality of application files prior to deployment and utilize data encryption such as TLS, SSL VPN, or IPSEC tunnel when deploying the application. |
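
One way to review the OS file-permission half of the Check Text above, as an added example that is not part of the requirements guide: the script walks a deployment staging directory and reports every entry that group or other users can access. The function name `audit_staging_dir`, the staging path passed to it, and the owner-only policy are assumptions; transmission protection (TLS, VPN) is outside what it checks.

```python
import os
import stat
import sys

# Assumption: staged application files should be accessible to the owning
# deployment account only, so any group/other permission bit is reported.
EXPOSED_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_staging_dir(root, expected_uid=None):
    """Return (path, reason) tuples for entries under root that are not
    protected by owner-only permissions. root itself is checked too."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow links
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)

    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry, not a link target
        if stat.S_ISLNK(st.st_mode):
            # Link mode bits are meaningless; the target lies outside this
            # review, so surface the link for manual inspection.
            findings.append((path, "symbolic link, target not checked"))
            continue
        exposed = stat.S_IMODE(st.st_mode) & EXPOSED_BITS
        if exposed:
            findings.append((path, "group/other access bits set: %03o" % exposed))
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append(
                (path, "owner uid %d is not %d" % (st.st_uid, expected_uid)))
    return findings


if __name__ == "__main__":
    # Usage: python audit_staging.py <staging-directory>
    results = audit_staging_dir(sys.argv[1])
    for path, reason in results:
        print("FINDING %s: %s" % (path, reason))
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one staged file or directory is reachable by accounts other than its owner.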