Documentation - V-222626

V-222626

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The designer must ensure the application does not store configuration and control files in the same directory as user data.

Description

<VulnDiscussion>Application configuration settings and user data are required to be stored in separate locations in order to prevent application users from possibly being able to access application configuration settings or application data files. Without proper access controls and separation of application configuration settings from user data, there is the potential that existing code or configuration settings could be changed by users. These changes in code can lead to a Denial of Service (Do...

Fix Text (Documentation Requirement)

Separate the application user data into a different directory than the application code and user file permissions to restrict user access to application configuration settings.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel