CUI

Documentation - V-206399

V-206399

Web Server Security Requirements Guide

CAT I

Title

The web server must generate a unique session identifier for each session using a FIPS 140-2 approved random number generator.

Description

Communication between a client and the web server is done using the HTTP protocol, but HTTP is a stateless protocol. In order to maintain a connection or session, a web server will generate a session identifier (ID) for each client session when the session is initiated. The session ID allows the web server to track a user session and, in many cases, the user, if the user previously logged into a hosted application. Unique session IDs are the opposite of sequentially generated se...

Fix Text (Documentation Requirement)

Configure the web server to generate unique session identifiers using a FIPS 140-2 random number generator.
