Documentation - V-274785

V-274785

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

API services identified within the system as unnecessary and/or nonsecure must be disabled.

Description

<VulnDiscussion>It is detrimental for applications to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary APIs are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors. APIs are capable of providing a variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations (e....

Fix Text (Documentation Requirement)

Build or configure the API to use necessary and secure services and ports approved by the PPSM CAL.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel