STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must be configured to mutually authenticate connecting proxies, application servers or gateways.

DISA Rule

SV-204762r508029_rule

Vulnerability Number

V-204762

Group Title

SRG-APP-000219

Rule Version

SRG-APP-000219-AS-000147

Severity

CAT II

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Configure the application server to mutually authenticate proxy servers, other application servers and application gateways as specified.

Check Contents

Review application server documentation, system security plan and application data protection requirements.

If the connected web proxy is exposed to an untrusted network or if data protection requirements specified in the system security plan mandate the need to establish the identity of the connecting application server, proxy or application gateway and the application server is not configured to mutually authenticate the application server, proxy server or gateway, this is a finding.

Vulnerability Number

V-204762

Documentable

False

Rule Version

SRG-APP-000219-AS-000147

Severity Override Guidance

Review application server documentation, system security plan and application data protection requirements.

If the connected web proxy is exposed to an untrusted network or if data protection requirements specified in the system security plan mandate the need to establish the identity of the connecting application server, proxy or application gateway and the application server is not configured to mutually authenticate the application server, proxy server or gateway, this is a finding.

Check Content Reference

M

Target Key

2900

Comments