STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.

DISA Rule

SV-204816r508029_rule

Vulnerability Number

V-204816

Group Title

SRG-APP-000439

Rule Version

SRG-APP-000439-AS-000155

Severity

CAT II

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Configure the application server to use a FIPS-2 approved TLS version to maintain the confidentiality and integrity of transmitted information and to disable all non-FIPS-approved SSL versions.

Check Contents

Review the application server documentation and deployed configuration to determine which version of TLS is being used.

If the application server is not using TLS to maintain the confidentiality and integrity of transmitted information or non-FIPS-approved SSL versions are enabled, this is a finding.

Vulnerability Number

V-204816

Documentable

False

Rule Version

SRG-APP-000439-AS-000155

Severity Override Guidance

Review the application server documentation and deployed configuration to determine which version of TLS is being used.

If the application server is not using TLS to maintain the confidentiality and integrity of transmitted information or non-FIPS-approved SSL versions are enabled, this is a finding.

Check Content Reference

M

Target Key

2900

Comments