The application server must enforce information flow using dynamic control, based on policy that allows or disallows information flow based on changing conditions or operational considerations.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35549 | SRG-APP-000055-AS-NA | SV-46836r1_rule | Medium |
| Description |
|---|
| Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information), without explicit regard to subsequent access to that information. Information flow control applies to a CDS. An AS is not a CDS, guard, or proxy. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43889r1_chk ) |
|---|
| This requirement is NA for the AS SRG. |
| Fix Text (F-40090r1_fix) |
|---|
| The requirement is NA. No fix is required. |