Documentation - V-222398

V-222398

Application Security and Development Security Technical Implementation Guide

CAT II

Title

Applications with SOAP messages requiring integrity must include the following message elements:-Message ID-Service Request-Timestamp-SAML Assertion (optionally included in messages) and all elements of the message must be digitally signed.

Description

<VulnDiscussion>Digitally signed SOAP messages provide message integrity and authenticity of the signer of the message independent of the transport layer. Service requests may be intercepted and changed in transit and the data integrity may be at risk if the SOAP message is not digitally signed. Functional architecture aspects of the application security plan identify the application data elements that require data integrity protection.</VulnDiscussion><FalsePositives></FalsePositives><FalseNeg...

Fix Text (Documentation Requirement)

Design and configure the application to sign the following message elements for SOAP messages requiring integrity: - Message ID - Service Request - Timestamp - SAML Assertion - Message elements

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel