STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.

DISA Rule

SV-204709r508029_rule

Vulnerability Number

V-204709

Group Title

SRG-APP-000014

Rule Version

SRG-APP-000014-AS-000009

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Configure the application server to use encryption strength in accordance with the categorization of the management data during remote access management sessions.

Check Contents

Check the application server configuration to ensure all management interfaces use encryption in accordance with the management data.

If the application server is not configured to encrypt remote access management sessions in accordance with the categorization of the management data, this is a finding.

Vulnerability Number

V-204709

Documentable

False

Rule Version

SRG-APP-000014-AS-000009

Severity Override Guidance

Check the application server configuration to ensure all management interfaces use encryption in accordance with the management data.

If the application server is not configured to encrypt remote access management sessions in accordance with the categorization of the management data, this is a finding.

Check Content Reference

M

Target Key

2900

Comments