V-274850
Application Programming Interface (API) Security Requirements Guide
Title
The API must revoke access tokens in accordance with organization-defined identification and authentication policy.
Description
<VulnDiscussion>An API must revoke access tokens to immediately terminate access when a user's session or permissions are no longer valid or if there is a security breach, such as token theft. Without an API gateway managing token revocation, the API itself becomes responsible for handling scenarios where access needs to be revoked, such as when a user logs out, their credentials are compromised, or their role changes. By revoking access tokens, the API ensures that even if a token is intercep...
Fix Text (Documentation Requirement)
Build or configure the API to revoke access tokens in accordance with organization-defined identification and authentication policy.
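The discussion above describes the case where no gateway handles revocation and the API itself must reject tokens after logout, credential compromise, or a role change. The following is an added example, not part of the SRG and not any vendor's implementation, of how an API can enforce that on its own. It assumes self-issued HMAC-signed tokens carrying a unique token id (`jti`), an issue time (`iat`) and an expiry (`exp`); the signing key, the `RevocationStore` class and all sample values are constructed for the demo. Two mechanisms are shown: a per-token denylist keyed on `jti` (logout of one session) and a per-subject cutoff that rejects every token issued before the revocation time (compromise or role change), so the API does not have to know every token a subject holds. Revocation state is retained only as long as a matching token could still be unexpired.

```python
# Added example (not part of the SRG): access-token revocation enforced by the API
# itself, with no API gateway in front of it. Tokens are HMAC-signed JSON claims
# built here for the demo; the key below is a constructed placeholder.
import base64
import hashlib
import hmac
import json
import secrets
import time

SIGNING_KEY = b"demo-signing-key-not-for-production"  # placeholder, load from a secret store in practice


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, role, ttl_s, now=None, key=SIGNING_KEY):
    """Issue a signed token with a unique jti so it can be revoked individually."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "role": role, "jti": secrets.token_hex(8), "iat": now, "exp": now + ttl_s}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def decode_claims(token):
    """Parse claims without verifying anything; only for bookkeeping after validation."""
    return json.loads(_unb64(token.split(".", 1)[0]))


class RevocationStore:
    """Revocation state the API keeps on its own (hypothetical class for the demo).

    - per-token denylist: one jti is revoked, e.g. when that session logs out;
    - per-subject cutoff: every token issued before revoked_at is rejected,
      e.g. on credential compromise or role change, without tracking each jti.
    max_ttl_s is the longest lifetime any issued token can have; a subject cutoff
    can be dropped once no token issued before it could still be unexpired.
    """

    def __init__(self, max_ttl_s):
        self.max_ttl_s = max_ttl_s
        self._jti = {}      # jti -> (exp, reason)
        self._subject = {}  # sub -> (revoked_at, reason)

    def revoke_token(self, jti, exp, reason):
        self._jti[jti] = (exp, reason)

    def revoke_subject(self, subject, revoked_at, reason):
        self._subject[subject] = (revoked_at, reason)

    def is_revoked(self, claims):
        if claims["jti"] in self._jti:
            return True
        cutoff = self._subject.get(claims["sub"])
        # Tokens issued at or after the cutoff (e.g. re-issued with the new role) stay valid.
        return cutoff is not None and claims["iat"] < cutoff[0]

    def purge(self, now):
        """Drop entries that can no longer match an unexpired token."""
        self._jti = {j: v for j, v in self._jti.items() if v[0] > now}
        self._subject = {s: v for s, v in self._subject.items() if v[0] + self.max_ttl_s > now}


def validate(token, store, now=None, key=SIGNING_KEY):
    """Per-request check: signature, then expiry, then revocation. Returns (ok, reason, claims)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        sig_bytes = _unb64(sig)
    except ValueError:  # wrong number of parts or undecodable base64
        return False, "malformed", None
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig_bytes):
        return False, "bad signature", None
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return False, "expired", claims
    if store.is_revoked(claims):
        return False, "revoked", claims
    return True, "ok", claims


if __name__ == "__main__":
    store = RevocationStore(max_ttl_s=3600)
    tok = issue_token("alice", "user", ttl_s=3600, now=1000.0)
    print(validate(tok, store, now=1500.0)[1])            # ok
    store.revoke_token(decode_claims(tok)["jti"], decode_claims(tok)["exp"], "logout")
    print(validate(tok, store, now=1500.0)[1])            # revoked
    store.revoke_subject("bob", revoked_at=1200.0, reason="role change")
    old_bob = issue_token("bob", "admin", 3600, now=1000.0)
    new_bob = issue_token("bob", "user", 3600, now=1300.0)
    print(validate(old_bob, store, now=1500.0)[1], validate(new_bob, store, now=1500.0)[1])  # revoked ok
```

The order of checks matters: the signature is verified before the store is consulted, so an unauthenticated request cannot probe the revocation list, and revocation is applied on every request rather than only at token issuance, which is what makes a revoked token stop working immediately. The `purge` method bounds the store's growth; the per-subject cutoff is safe to drop only after `max_ttl_s` has elapsed, because until then a token issued before the cutoff could still be within its lifetime.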