STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

DISA Rule

SV-220326r508029_rule

Vulnerability Number

V-220326

Group Title

SRG-APP-000416

Rule Version

SRG-APP-000416-AS-000140

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Configure the application server to utilize NSA-approved cryptography to protect classified information.

Check Contents

Review application server documentation to verify that the application server is using NSA-approved cryptography to protect classified data and applications resident on the device.

If the application server is not using NSA-approved cryptography for classified data and applications, this is a finding.

Vulnerability Number

V-220326

Documentable

False

Rule Version

SRG-APP-000416-AS-000140

Severity Override Guidance

Review application server documentation to verify that the application server is using NSA-approved cryptography to protect classified data and applications resident on the device.

If the application server is not using NSA-approved cryptography for classified data and applications, this is a finding.

Check Content Reference

M

Target Key

2900

Comments