CUI

Documentation - V-274842

V-274842

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

The API must issue assertions in accordance with organization-defined identification and authentication policy.

Description

An API must issue assertions when it acts as an identity provider or plays a role in secure authentication and authorization processes. Assertions are structured, verifiable claims—such as user identity, roles, or permissions—that allow other systems to trust the information being exchanged. In protocols like SAML, OAuth, or OpenID Connect, issuing assertions (e.g., SAML assertions or JWTs) enables the API to confirm that a user has been authenticated and is authorized to access ...

Fix Text (Documentation Requirement)

Build or configure the API to issue assertions in accordance with organization-defined identification and authentication policy.
