Documentation - V-222426

V-222426

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must enforce organization-defined discretionary access control policies over defined subjects and objects.

Description

<VulnDiscussion>Discretionary Access Control allows users to determine who is allowed to access their data. To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., networks, web servers, and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give ...

Fix Text (Documentation Requirement)

Design and configure the application to enforce discretionary access control policies.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel