V-274848
Application Programming Interface (API) Security Requirements Guide
Title
The API must issue access tokens in accordance with organization-defined identification and authentication policy.
Description
<VulnDiscussion>An API must issue access tokens to independently handle authentication and authorization for securing access to its resources. By issuing access tokens, the API ensures only authenticated users with valid permissions can interact with the system. Without an API gateway to centralize this process, the API itself must authenticate users, generate tokens (like JWTs), and validate those tokens on each request. This approach enables the API to maintain control over access policies, ...
Fix Text (Documentation Requirement)
Build or configure the API to issue access tokens in accordance with organization-defined identification and authentication policy.
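The description above says the API itself must authenticate users, generate tokens such as JWTs, and validate those tokens on every request. The following Python is an added illustration of that issue-then-validate cycle; it is not part of the SRG and not any vendor's code. It builds and checks an HS256 JWT with only the standard library so it runs offline; the signing key, issuer URL and scope names are constructed placeholders, and the organization's own policy would decide token lifetime, claims and key handling.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for this example only; a real API loads it from a
# secret store and rotates it according to organization policy.
SIGNING_KEY = b"example-hmac-key-not-for-production"
ISSUER = "https://api.example.test"  # hypothetical issuer identifier


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; restores the padding the encoder stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, lifetime_s: int = 900, now: int = None) -> str:
    """Issue a signed token for a subject the API has already authenticated.

    The token carries the issuer, subject, granted scopes and an expiry so that
    each later request can be authorized without a session lookup.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "sub": subject,
        "scope": " ".join(scopes),
        "iat": now,
        "exp": now + lifetime_s,
    }
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_token(token: str, required_scope: str, now: int = None) -> dict:
    """Validate a presented token; raise ValueError on any failed check.

    Order matters: pin the algorithm, verify the signature, then read claims.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # The verifier decides the algorithm; the token's 'alg' must match it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(
        SIGNING_KEY, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison so signature checks do not leak timing.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims


def authorize(token: str, required_scope: str, now: int = None) -> bool:
    """Per-request gate: True only if every check in validate_token passes."""
    try:
        validate_token(token, required_scope, now=now)
        return True
    except (ValueError, UnicodeDecodeError, json.JSONDecodeError):
        return False


if __name__ == "__main__":
    tok = issue_token("alice", ["orders:read"])
    print("valid now:", authorize(tok, "orders:read"))
    print("wrong scope:", authorize(tok, "orders:write"))
```

The `authorize` call is what a request handler would invoke before touching a resource; any failure (tampered payload, expired token, wrong issuer, missing scope, or a header that asks for a different algorithm) is refused the same way, and only the reason is logged server-side.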