SV-222397r508029_rule
V-222397
SRG-APP-000015
APSC-DV-000170
CAT II
10
Design and configure applications to use TLS encryption to protect the integrity of remote access sessions.
Review the application documentation and interview the system administrator.
Identify the application encryption capabilities and methods for implementing encryption protection.
For web-based applications, open a web browser and access the website URL. Use the browser to determine whether the session is protected via TLS. A secure connection is usually indicated by a padlock icon in the upper left-hand corner, next to the URL. Click on the padlock icon and examine the connection information. Determine if TLS encryption is used to secure the session.
For non-web-based applications, determine the TCP/IP port, protocol and method used for establishing client connections to the remote server. Review application configuration settings to ensure that encryption is specified and that it is provided via TLS.
If the connection is not secured with TLS, this is a finding.
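A scripted form of the non-web check above, added here as an example and not part of the STIG text: it attempts a TLS handshake against the port the application listens on and reports the negotiated protocol and cipher, or why the session is not secured. The function name check_tls and the host and port in the usage lines are assumptions.

```python
import socket
import ssl


def check_tls(host, port, timeout=5.0):
    """Attempt a TLS handshake with host:port.

    Returns (secured, detail). secured is True only when a handshake
    completes with a certificate the local trust store accepts.
    """
    # Default context: certificate and hostname verification enabled.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # version() is e.g. "TLSv1.3"; cipher()[0] is the suite name.
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as exc:
        # The server speaks TLS, but its certificate failed validation.
        return False, f"TLS offered, certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        # The peer answered with something that is not a TLS handshake,
        # e.g. a plaintext banner.
        return False, f"no TLS handshake: {exc.reason}"
    except OSError as exc:
        # Refused, unreachable, or timed out: nothing could be verified.
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Hypothetical target; replace with the application's server and port.
    secured, detail = check_tls("app.example.internal", 8443)
    print("TLS in use:" if secured else "FINDING:", detail)
```

A result of False with "no TLS handshake" corresponds to the finding condition; "connection failed" means the check could not be performed and must be repeated once the service is reachable.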