UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must employ cryptographic mechanisms to ensure confidentiality and integrity of all information at rest when stored off-line.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35426 SRG-APP-000231-AS-000156 SV-46713r3_rule Medium
Description
This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive) within an organizational information system. Application servers generate information throughout the course of their use, most notably, log data. If the data is not encrypted while at rest, the data used later for forensic investigation cannot be guaranteed to be unchanged and cannot be used for prosecution of an attacker. To accomplish a credible investigation and prosecution, the data integrity and information confidentiality must be guaranteed. Application servers must provide the capability to protect all data, especially log data, so as to ensure confidentiality and integrity.
STIG Date
Application Server Security Requirements Guide 2018-09-13

Details

Check Text ( C-43777r2_chk )
Review the application server configuration to ensure the system is protecting the confidentiality and integrity of all application server data at rest when stored off-line.

If the application server is not configured to protect all application server data at rest when stored off-line, this is a finding.
Fix Text (F-39970r3_fix)
Configure the application server to employ cryptographic mechanisms to ensure confidentiality and integrity of all application server data at rest when stored off-line.