Documentation - V-222535

V-222535

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must disable device identifiers after 35 days of inactivity unless a cryptographic certificate is used for authentication.

Description

<VulnDiscussion>Device identifiers are used to identify hardware devices that interact with the application much like a user account is used to identify an application user. Examples of hardware devices include but are not limited to mobile phones, application gateways, or other types of smart hardware. This requirement does not apply to individual application user accounts. This requirement is not applicable to shared information system accounts, application groups, or roles (e.g., guest and ...

Fix Text (Documentation Requirement)

Configure the application to disable device accounts after 35 days of inactivity or to utilize DOD PKI certificates that provide an expiration date.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel