CUI

STIG Rule - V-274537

V-274537

SV-274537r1143570_rule

CAT II

All defined API elements must be documented.

From: Application Programming Interface (API) Security Requirements Guide (V1R1)

Description

All defined API elements and their security-relevant configurations must be documented and enforced, ensuring compliance with the organization's approved security baselines. Identifying all API elements that must be logged is essential for security, monitoring, and threat detection. Documenting and enforcing security-relevant configurations for all defined API elements ensures consistency, reduces misconfigurations, and supports compliance with organizational security baselines. This practice enhances system integrity, simplifies audits, and helps prevent vulnerabilities caused by undocumented or insecure API behaviors.

Documentable: false

Check Procedure

To identify APIs in use:

Analyze application code for API calls, URLs, and authentication keys in frontend and backend components.
Use network monitoring tools to capture API traffic in real time.
Check browser DevTools (Network tab) for active API requests in web applications.
Review server and API gateway logs (e.g., AWS CloudWatch, Nginx logs) to track API calls and usage patterns.
Inspect configuration files, environment variables, and documentation for references to external or internal APIs.

If any defined API elements or their security-relevant configurations are not documented and enforced in accordance with the organization's approved security baselines, this is a finding.
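One way to carry out the log-review step is to reduce gateway log lines to method and path pairs and diff them against the documented inventory. This is an added example, not part of the SRG: the inventory, the log lines, and the function names are constructed, and it assumes Nginx's default "combined" access-log format.

```python
import re
from collections import Counter

# Constructed inventory standing in for the organization's API documentation.
DOCUMENTED = {
    ("GET", "/api/v1/users"),
    ("GET", "/api/v1/users/{id}"),
    ("PUT", "/api/v1/users/{id}"),
    ("POST", "/api/v1/orders"),
}

# Constructed Nginx access-log lines (default "combined" format).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Apr/2026:10:01:02 +0000] "GET /api/v1/users?page=2 HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [07/Apr/2026:10:01:05 +0000] "GET /api/v1/users/4711 HTTP/1.1" 200 230 "-" "curl/8.5.0"
198.51.100.9 - - [07/Apr/2026:10:02:11 +0000] "POST /api/v1/orders HTTP/1.1" 201 98 "-" "app/1.0"
198.51.100.9 - - [07/Apr/2026:10:02:40 +0000] "DELETE /api/v1/orders/88 HTTP/1.1" 204 0 "-" "app/1.0"
198.51.100.9 - - [07/Apr/2026:10:03:00 +0000] "GET /api/internal/debug HTTP/1.1" 200 1024 "-" "app/1.0"
192.0.2.44 - - [07/Apr/2026:10:03:09 +0000] "\\x16\\x03\\x01" 400 157 "-" "-"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
ID_SEGMENT_RE = re.compile(r"^(\d+|[0-9a-fA-F]{8}-[0-9a-fA-F-]{27})$")

def normalize(target):
    """Drop the query string and replace numeric/UUID path segments with {id}."""
    path = target.split("?", 1)[0]
    parts = ["{id}" if ID_SEGMENT_RE.match(p) else p for p in path.split("/")]
    return "/".join(parts)

def observed_endpoints(log_text):
    """Count (method, normalized path) pairs; malformed request lines are skipped."""
    seen = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            seen[(m["method"], normalize(m["target"]))] += 1
    return seen

def audit(log_text, documented):
    """Return (endpoints in traffic but undocumented, documented endpoints not seen)."""
    seen = set(observed_endpoints(log_text))
    return sorted(seen - documented), sorted(documented - seen)

if __name__ == "__main__":
    undocumented, unobserved = audit(SAMPLE_LOG, DOCUMENTED)
    print("In traffic, not documented (finding candidates):", undocumented)
    print("Documented, not seen in this sample:", unobserved)
```

Endpoints in the first list are candidates for a finding under this rule; the second list only shows what the sampled log window did not exercise.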

Fix Text

Update the documentation to include all defined API elements and their security-relevant configurations. Ensure each element is properly logged and monitored in accordance with the organization's approved security baselines.

CCI Reference

CCI-000133
Created: 2026-04-07 20:08:09
Last Updated: 2026-04-07 20:08:09