
The mobile app must validate information output from software programs and/or applications defined in SI-15, CCI-0002770 to ensure the information is consistent with the expected content.


Overview

Finding ID: SRG-APP-000449-MAPP-000100
Version: SRG-APP-000449-MAPP-000100
Rule ID: SRG-APP-000449-MAPP-000100_rule
IA Controls: (none listed)
Severity: Medium
Description
Certain types of cyber attacks (e.g., SQL injections) produce output results that are unexpected or inconsistent with the output results that would normally be expected from software programs or applications. This requirement focuses on detecting extraneous content, preventing such extraneous content from being displayed, and alerting monitoring tools that anomalous behavior has been discovered.
STIG: Mobile Application Security Requirements Guide
Date: 2014-07-22

Details

Check Text (C-SRG-APP-000449-MAPP-000100_chk)
Review the mobile app configuration, documentation, or code to determine if the mobile app validates information output from organization-defined software programs and/or applications to ensure the information is consistent with the expected content. If the app does not validate information output to ensure the information is consistent with the expected content, this is a finding.
Fix Text (F-SRG-APP-000449-MAPP-000100_fix)
Configure or code the mobile app to validate information output from organization-defined software programs and/or applications to ensure the information is consistent with the expected content.
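
One way to code the three behaviors named in the Description (detect extraneous content, keep it from being displayed, alert monitoring), shown as an added example that is not part of the SRG. The account schema, field names, row limit, notifyMonitor hook and sample records are assumptions constructed for illustration.

```javascript
// Added example; schema, limits and sample records are constructed for illustration.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Expected content of one record from a hypothetical account-lookup service.
const ACCOUNT_SCHEMA = {
  id: (v) => Number.isInteger(v) && v > 0,
  displayName: (v) => typeof v === "string" && /^[\p{L}\p{N} .'-]{1,64}$/u.test(v),
  balanceCents: (v) => Number.isInteger(v),
};
const MAX_ROWS = 1; // a lookup by id is expected to return at most one record

// Detect: list every way the output deviates from the expected content.
function findAnomalies(rows) {
  if (!Array.isArray(rows)) return ["output is not a list of records"];
  const problems = [];
  if (rows.length > MAX_ROWS) problems.push(`expected at most ${MAX_ROWS} row(s), got ${rows.length}`);
  rows.forEach((row, i) => {
    if (row === null || typeof row !== "object" || Array.isArray(row)) {
      problems.push(`row ${i}: not an object`);
      return;
    }
    for (const key of Object.keys(row)) {
      if (!has(ACCOUNT_SCHEMA, key)) problems.push(`row ${i}: unexpected field "${key}"`);
    }
    for (const [key, isValid] of Object.entries(ACCOUNT_SCHEMA)) {
      if (!has(row, key)) problems.push(`row ${i}: missing field "${key}"`);
      else if (!isValid(row[key])) problems.push(`row ${i}: field "${key}" has unexpected content`);
    }
  });
  return problems;
}

// Prevent display and alert: only validated output reaches the UI; anomalies
// go to the monitoring hook as descriptions, never as raw values.
function renderOrReject(rows, notifyMonitor) {
  const problems = findAnomalies(rows);
  if (problems.length > 0) {
    notifyMonitor({ event: "output_validation_failed", problems });
    return { display: false, rows: [] };
  }
  return { display: true, rows };
}

// Constructed sample outputs: one expected, one with an extra row and an extra field.
const SAMPLE_EXPECTED = [{ id: 7, displayName: "A. Example", balanceCents: 1250 }];
const SAMPLE_ANOMALOUS = [
  { id: 7, displayName: "A. Example", balanceCents: 1250 },
  { id: 8, displayName: "B. Example", balanceCents: 990, passwordHash: "<constructed>" },
];
```

The whole response is rejected when any record deviates, so a partially anomalous result is never partially rendered.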