CUI

Documentation - V-222534

V-222534

Application Security and Development Security Technical Implementation Guide

CAT II

Title

Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS.

Description

Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. One-way SSL/TLS authentication is the typical form of authentication done between a web browser client and a web server. The client requests the server certificate to validate the server's identity and establish a secure connection. When SSL/TLS mutual authentication is used, the server is configured to request the client’s certificate as well so the server ...

Fix Text (Documentation Requirement)

Configure the application to utilize mutual authentication when the application is processing non-releasable data.
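
Added example (not part of the STIG text): Python's `ssl` module configured for the mutual authentication the fix text calls for, with a check that flags one-way or optional client-certificate settings on a server context. The function names, the file-path parameters and the sample certificate dict are assumptions made for illustration.

```python
import ssl

def build_mtls_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server context that requires and verifies a client certificate.
    All three paths are placeholders supplied by the deployment."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # the server's own identity
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)  # CA that issues device certs
    return ctx

def audit_mutual_auth(ctx):
    """Return findings for a server context; an empty list means mutual auth is enforced."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("one-way TLS: client certificate is never requested")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("client certificate is requested but not required")
    if ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no CA loaded to validate client certificates")
    return findings

def device_id_from_peercert(peercert):
    """Extract commonName from the dict returned by SSLSocket.getpeercert().
    That call returns None or {} when no client certificate was validated."""
    if not peercert:
        return None
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

# Python's stock server context is one-way TLS until verify_mode is changed.
DEFAULT_SERVER_CTX = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
# Constructed sample of a validated client certificate's getpeercert() output.
SAMPLE_PEERCERT = {"subject": ((("organizationName", "Example Org"),),
                               (("commonName", "device-01.example.test"),))}

if __name__ == "__main__":
    print(audit_mutual_auth(DEFAULT_SERVER_CTX))
    print(audit_mutual_auth(build_mtls_server_context()))
    print(device_id_from_peercert(SAMPLE_PEERCERT))
```

`audit_mutual_auth` returns an empty list only when the context both requires a client certificate and has a CA loaded to validate it.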
