CUI

V-274682

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

The API must enforce per-client rate limits.

Description

Configuring rate limits on API keys helps prevent abuse, mitigates denial-of-service attacks, and ensures fair usage of resources by restricting the number of requests an entity can make within a set timeframe.

Documentable: false

Fix Text (Documentation Requirement)

Build or configure per-client rate limiting on the API using a gateway, reverse proxy, or API management platform. Identify clients using unique identifiers (such as API keys, access tokens, or IP addresses) and configure rate limits to ensure fair usage and prevent abuse. Ensure that:

- Each client has a defined threshold for request rates.
- Limits are enforced dynamically.
- Clients exceeding limits receive appropriate error responses.

Update system documentation to reflect the implemented rate-limiting policy and enforcement mechanisms.
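As an added illustration of the fix text (not code from the SRG or from any gateway product), the following per-client token-bucket limiter identifies the client by API key with a source-IP fallback, applies a per-client threshold that is looked up on every request, and answers over-limit requests with 429 and a Retry-After header. The header names, tier values and client identifiers are assumptions.

```python
"""Per-client API rate limiter (token bucket) keyed by API key or source IP.
Added illustration for this requirement, not code from the SRG or from any
gateway product. Limits and client identifiers below are constructed."""
import math
import time
from dataclasses import dataclass, field

# Per-client thresholds as (requests, window_seconds). Constructed values.
DEFAULT_LIMIT = (5, 60)
CLIENT_LIMITS = {"partner-key-A": (10, 60)}  # hypothetical higher tier

@dataclass
class Bucket:
    tokens: float
    updated: float

@dataclass
class RateLimiter:
    buckets: dict = field(default_factory=dict)

    def limit_for(self, client_id):
        # Looked up on every request, so changing CLIENT_LIMITS takes effect
        # immediately (limits are enforced dynamically, not fixed at startup).
        return CLIENT_LIMITS.get(client_id, DEFAULT_LIMIT)

    def check(self, client_id, now=None):
        """Return (status_code, headers) for one request: 200 allowed, 429 over limit."""
        now = time.monotonic() if now is None else now
        capacity, window = self.limit_for(client_id)
        b = self.buckets.get(client_id)
        if b is None:
            b = self.buckets[client_id] = Bucket(tokens=float(capacity), updated=now)
        # Refill in proportion to elapsed time, never above the client's capacity.
        b.tokens = min(float(capacity), b.tokens + (now - b.updated) * capacity / window)
        b.updated = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return 200, {"X-RateLimit-Limit": str(capacity),
                         "X-RateLimit-Remaining": str(int(b.tokens))}
        # Over threshold: reject and tell the client when one token is back.
        retry_after = math.ceil((1.0 - b.tokens) * window / capacity)
        return 429, {"X-RateLimit-Limit": str(capacity), "X-RateLimit-Remaining": "0",
                     "Retry-After": str(retry_after)}

def client_id_from_request(headers, remote_addr):
    """Identify the client by API key, falling back to the source IP address."""
    return headers.get("X-API-Key") or f"ip:{remote_addr}"
```

Passing an explicit `now` makes the limiter deterministic for tests; in a gateway the wall clock is used and the bucket state would live in shared storage so every instance enforces the same threshold.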
