SV-222396r508029_rule
V-222396
SRG-APP-000014
APSC-DV-000160
CAT II
10
Design and configure applications to use TLS encryption to protect the confidentiality of remote access sessions.
Review the application documentation and interview the system administrator.
Identify the application encryption capabilities and methods for implementing encryption protection.
For web based applications; open the web browser and access the website URL. Use the browser and determine if the session is protected via TLS. A secure connection is usually indicated in the upper left hand corner of the URL by a padlock icon. Click on the padlock icon and examine the connection information. Determine if TLS encryption is used to secure the session.
For non-web based applications, determine the TCP/IP port, protocol and method used for establishing client connections to the remote server. Review application configuration settings to ensure encryption is specified and via TLS.
If the connection is not secured with TLS, this is a finding.
V-222396
False
APSC-DV-000160
Review the application documentation and interview the system administrator.
Identify the application encryption capabilities and methods for implementing encryption protection.
For web based applications; open the web browser and access the website URL. Use the browser and determine if the session is protected via TLS. A secure connection is usually indicated in the upper left hand corner of the URL by a padlock icon. Click on the padlock icon and examine the connection information. Determine if TLS encryption is used to secure the session.
For non-web based applications, determine the TCP/IP port, protocol and method used for establishing client connections to the remote server. Review application configuration settings to ensure encryption is specified and via TLS.
If the connection is not secured with TLS, this is a finding.
M
4093