CUI

Documentation - V-274841

V-274841

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

Generating assertions must be restricted.

Description

An API may be required to generate assertions when it plays a role in authentication, authorization, or secure data exchange. In protocols like SAML or OpenID Connect, assertions are essential because they serve as trusted claims about a user's identity, permissions, or session status. These assertions, often in the form of tokens like SAML assertions or JWTs, allow different systems to communicate securely and trust the integrity of the transmitted information. By generating ass...

Fix Text (Documentation Requirement)

Build or configure the API to generate assertions in accordance with organization-defined identification and authentication policy.
