The application must protect the integrity of information during the processes of data aggregation, packaging, and transformation in preparation for transmission.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32543	SRG-APP-000239-DB-NA	SV-42880r1_rule		Medium

Description
Information can be subjected to unauthorized changes (e.g., malicious and/or unintentional modification) at information aggregation or protocol transformation points. It is therefore imperative the application take steps to validate and assure the integrity of data while at these stages of processing. For example, an application developer may determine based upon application requirements that various application data must accumulate in a processing queue where the application analyses, packages or transforms the data pending a data transfer. A window of time now exists where if an attacker were to gain access to the data residing in the application queue they could potentially compromise that data or alter results. The application must ensure the integrity of data that is pending transfer is maintained. If the application were to simply transmit aggregated, packaged or transformed data without ensuring the data was not manipulated during these processes, then the integrity of the data may be called into question. This requirement is specific to network applications packaging and transmitting information through the network. This requirement is NA for databases.

Description

Information can be subjected to unauthorized changes (e.g., malicious and/or unintentional modification) at information aggregation or protocol transformation points. It is therefore imperative the application take steps to validate and assure the integrity of data while at these stages of processing. For example, an application developer may determine based upon application requirements that various application data must accumulate in a processing queue where the application analyses, packages or transforms the data pending a data transfer. A window of time now exists where if an attacker were to gain access to the data residing in the application queue they could potentially compromise that data or alter results. The application must ensure the integrity of data that is pending transfer is maintained. If the application were to simply transmit aggregated, packaged or transformed data without ensuring the data was not manipulated during these processes, then the integrity of the data may be called into question. This requirement is specific to network applications packaging and transmitting information through the network. This requirement is NA for databases.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40981r1_chk )
This check is NA for databases.

Fix Text (F-36457r1_fix)
This fix is NA for databases.