CUI

Documentation - V-222532

V-222532

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must utilize mutual authentication when endpoint device non-repudiation protections are required by DoD policy or by the data owner.

Description

Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. With one-way SSL authentication, which is the typical form of SSL authentication done between a web browser client and a web server, the client requests the server certificate to validate the server's identity and establish a secure connection. When SSL mutual authentication is used, the server is configured to request the client’s certificate as well so the s...

Fix Text (Documentation Requirement)

Configure the application to utilize mutual authentication when specified by data protection requirements.
