Documentation - V-274839

V-274839

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

Cryptographic keys that protect access tokens must be protected.

Description

<VulnDiscussion>Cryptographic keys are used to sign and verify access tokens, ensuring they have not been tampered with and that the user or service presenting the token is legitimate. If these keys are not securely managed, attackers could generate fraudulent tokens, bypass security controls, and gain unauthorized access to sensitive data or services. The API must protect these keys from disclosure or misuse, employing best practices such as key rotation, secure storage, and limiting access to ...

Fix Text (Documentation Requirement)

Build or configure the API to properly protect cryptographic keys that protect access tokens.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel