CUI

Documentation - V-274840

V-274840

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

The API must protect the private keys used to sign assertions and tokens.

Description

Private keys are used to sign tokens and assertions, which verify the identity and permissions of users or systems requesting access. If these keys are compromised, attackers could generate fraudulent tokens or assertions, granting unauthorized access to sensitive resources and potentially causing significant damage to both the system and its users. The level of protection required for these private keys depends on the sensitivity of the information and the potential impact of ...

Fix Text (Documentation Requirement)

Build or configure the API to properly protect private keys used to sign assertions and tokens.
