CUI

Documentation - V-222530

V-222530

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must implement replay-resistant authentication mechanisms for network access to privileged accounts.

Description

A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. A privileged account is any information system account with authorizations of a pri...

Fix Text (Documentation Requirement)

Design and configure the application to utilize replay-resistant mechanisms when authenticating privileged accounts.
