CUI

Documentation - V-274845

V-274845

Application Programming Interface (API) Security Requirements Guide

CAT II

Title

The API must time-restrict assertions in accordance with organization-defined identification and authentication policy.

Description

<VulnDiscussion>An API must time-restrict assertions to minimize security risks and ensure access to protected resources is granted only within a valid and controlled timeframe. Assertions, such as JWTs or SAML tokens, typically include expiration timestamps that limit how long they are valid. This prevents long-term misuse in case a token is leaked or intercepted and helps enforce periodic re-authentication or authorization checks. By applying time restrictions, the API reduces the window of op...

Fix Text (Documentation Requirement)

Build or configure the API to time-restrict assertions in accordance with organization-defined identification and authentication policy.
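The following is an added example, not text or code from the STIG or from any product, showing one way an API can enforce this requirement for JWT bearer assertions: every token carries iat, nbf and exp, the validator rejects anything expired, not yet valid, missing its time claims, or issued with a lifetime longer than policy allows, and it does so only after the signature has been checked so the claims cannot be forged. The 15-minute cap (MAX_LIFETIME), the 30-second skew allowance (LEEWAY) and the demo key are assumed values standing in for the organization-defined policy; it uses only the Python standard library.

```python
"""
Added example (not part of the STIG or any vendor product): mint an HS256 JWT
with iat/nbf/exp claims and enforce the time restriction on validation.
MAX_LIFETIME, LEEWAY and SECRET are assumed policy/demo values.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"demo-secret-key-not-for-production"  # constructed demo key only
MAX_LIFETIME = 900   # assumed policy: no assertion may be valid longer than 15 min
LEEWAY = 30          # assumed tolerance for clock skew between issuer and API


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_payload(payload: dict) -> str:
    """Sign an arbitrary payload. mint() uses it; tests use it to build non-compliant tokens."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(obj, separators=(",", ":")).encode()) for obj in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def mint(claims: dict, lifetime: int, now=None) -> str:
    """Issue a token valid for `lifetime` seconds from `now`, refusing lifetimes over the cap."""
    if lifetime <= 0 or lifetime > MAX_LIFETIME:
        raise ValueError(f"lifetime {lifetime}s outside policy (1..{MAX_LIFETIME}s)")
    now = int(time.time()) if now is None else now
    return sign_payload({**claims, "iat": now, "nbf": now, "exp": now + lifetime})


def validate(token: str, now=None) -> dict:
    """Return the claims if signature and time claims are acceptable; raise ValueError otherwise."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))

    exp, iat, nbf = claims.get("exp"), claims.get("iat"), claims.get("nbf")
    # exp and iat are mandatory: a token without them is not time-restricted at all.
    if not isinstance(exp, int) or not isinstance(iat, int):
        raise ValueError("missing exp/iat")
    if now >= exp + LEEWAY:
        raise ValueError("expired")
    if isinstance(nbf, int) and now + LEEWAY < nbf:
        raise ValueError("not yet valid")
    # A correctly signed token can still violate policy if the issuer granted too long a life.
    if exp - iat > MAX_LIFETIME:
        raise ValueError("lifetime exceeds policy")
    return claims


def verdict(token: str, now: int) -> str:
    """Convenience wrapper returning 'ok' or the rejection reason."""
    try:
        validate(token, now)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock so the demo is reproducible
    tok = mint({"sub": "alice", "scope": "read"}, 600, now=t0)
    for offset in (-31, 0, 599, 629, 630):
        print(f"{offset:+5d}s: {verdict(tok, t0 + offset)}")
```

The lifetime cap on validation matters as much as the expiry check: if the API only tests exp, a compromised or misconfigured issuer can still hand out year-long tokens that pass. Leeway is applied symmetrically to exp and nbf; keep it small, since every second of tolerance extends the window the STIG is trying to close.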
