Skip to main content
CUI

STIG Rule - V-272642

Back to STIG Browser

V-272642

SV-272642r1113686_rule

CAT II

All associated custom applications, including API endpoints, must be inventoried and managed.

From: Arctic Wolf CylanceON-PREM Security Technical Implementation Guide (V1R1)

Description

<VulnDiscussion>The Console Applications page provides integration with the CylanceON-PREM API. An application has a unique application ID and application secret for generating an access token, which is used to access the API. Administrators create the applications, then give API users the application ID and application secret. Inventorying and managing CylanceON-PREM's associated custom applications and API endpoints is critical for securing the environment, ensuring compliance, minimizing risks, maintaining operational efficiency, and improving incident response. By knowing what applications and APIs exist and how they function, organizations can enhance the ability to protect, monitor, and manage systems effectively, thus safeguarding sensitive data and improving overall security posture.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check Procedure

Review the Console Applications. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to Configuration >> Applications. 3. Review the documentation of allowed applications. 4. Review the internal documentation for the location and protection of application ID and application secret. 5. All APIs must be documented. 6. Verify that controls are in place for who has access to APIs and where YAML files are stored. If any applications exist that are not documented, this is a finding. If application ID and application secrets are not documented and stored in the authorized location, this is a finding. If any APIs are in use and not documented, this is a finding. If the location and access of YAML files are not documented, this is a finding. If any of the above is documented but not adhered to, this is a finding.

Fix Text

Manage Custom Applications. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to Configuration >> Applications. 2a. To edit an application: - Click the "Edit" icon. - Update the application name or permissions. - Click the green check to save. 2b. To remove an application: - Click the trash can icon. - Click "Remove Application". 2c. To view the YAML file, click the API Documentation link.

CCI Reference

CCI-000366
Created
2026-04-07 20:08:09
Last Updated
2026-04-07 20:08:09
Back to Browse
CUI