STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must protect the confidentiality and integrity of transmitted information.

DISA Rule

SV-222596r508029_rule

Vulnerability Number

V-222596

Group Title

SRG-APP-000439

Rule Version

APSC-DV-002440

Severity

CAT I

CCI(s)

CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

Fix Recommendation

Configure all of the application systems to require TLS encryption in accordance with data protection requirements.

Check Contents

Review the application documentation and interview the application administrator.

Identify application clients, servers and associated network connections including application networking ports.

Identify the types of data processed by the application and review any documented data protection requirements.

Identify the application communication protocols.

Review application documents for instructions or guidance on configuring application encryption settings.

Verify the application is configured to enable encryption protections for data in accordance with the data protection requirements. If no data protection requirements exist, ensure all application data is encrypted.

If the application does not utilize TLS, IPsec or other approved encryption mechanism to protect the confidentiality and integrity of transmitted information, this is a finding.

The application must protect the confidentiality and integrity of transmitted information.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments