STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020

The application server must provide security extensions to extend the SOAP protocol and provide secure authentication when accessing sensitive data.

DISA Rule

SV-204749r508029_rule

Vulnerability Number

V-204749

Group Title

SRG-APP-000156

Rule Version

SRG-APP-000156-AS-000106

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application server to utilize secure authentication when SOAP web services are used to access sensitive data.

Check Contents

Review application server documentation to ensure the application server provides extensions to the SOAP protocol that provide secure authentication. These protocols include, but are not limited to, the WS-Security suite. Review policy and data owner protection requirements in order to identify sensitive data.

If secure authentication protocols are not utilized to protect data identified by the data owner as requiring protection, this is a finding.

Documentable

False

Severity Override Guidance

Review application server documentation to ensure the application server provides extensions to the SOAP protocol that provide secure authentication. These protocols include, but are not limited to, the WS-Security suite. Review policy and data owner protection requirements in order to identify sensitive data.

If secure authentication protocols are not utilized to protect data identified by the data owner as requiring protection, this is a finding.

Check Content Reference

M

Target Key

2900
