Documentation - V-222394

V-222394

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must associate organization-defined types of security attributes having organization-defined security attribute values with information in process.

Description

<VulnDiscussion>Without the association of security attributes to information, there is no basis for the application to make security-related access control decisions. Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., records, buffers, files) within the information system and are used to enable...

Fix Text (Documentation Requirement)

Design and configure the application to retain the data marking when processing data.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel