| V-81409 | High | Delivery Controller must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The application must implement cryptographic modules adhering to the higher standards... |
| V-81405 | High | Delivery Controller must implement DoD-approved encryption. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information... |
| V-81403 | Medium | Delivery Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in... |
| V-81407 | Medium | Delivery Controller must be configured to disable non-essential capabilities. | It is detrimental for applications to provide or install by default functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and... |
| V-81411 | Medium | Delivery Controller must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
