Documentation - V-204751

V-204751

Application Server Security Requirements Guide

CAT II

Title

The application server must for password-based authentication, store passwords using an approved salted key derivation function, preferably using a keyed hash.

Description

<VulnDiscussion>Applications must enforce password encryption when storing passwords. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read and easily compromised. Application servers provide either a local user store or they integrate with enterprise user stores like LDAP. When the application server is responsible for creating or storing passwords, the application server must enforc...

Fix Text (Documentation Requirement)

Configure the application server to only store encrypted representations of passwords.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel