STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Execution flow diagrams and design documents must be created to show how deadlock and recursion issues in web services are being mitigated.

DISA Rule

SV-222625r508029_rule

Vulnerability Number

V-222625

Group Title

SRG-APP-000516

Rule Version

APSC-DV-002950

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop web services to account for deadlock issues.

Check Contents

Review the application documentation and the system diagrams detailing application system to system and service to service communication methods.

Interview the application admin to identify any application web services that are deployed by the application.

If the application does not deploy web services, the requirement is not applicable.

If the application consumes web services but is not responsible for development of the services, the requirement is not applicable.

Review the data flow diagrams and the system documentation to determine if the issue of web service deadlock is addressed.

If the issue is not addressed in the documentation or configuration settings, ask the application admin to demonstrate how deadlock issues are addressed.

If deadlock issues are not being addressed via documented web service configuration or design, this is a finding.

Vulnerability Number

V-222625

Documentable

False

Rule Version

APSC-DV-002950

Severity Override Guidance

Review the application documentation and the system diagrams detailing application system to system and service to service communication methods.

Interview the application admin to identify any application web services that are deployed by the application.

If the application does not deploy web services, the requirement is not applicable.

If the application consumes web services but is not responsible for development of the services, the requirement is not applicable.

Review the data flow diagrams and the system documentation to determine if the issue of web service deadlock is addressed.

If the issue is not addressed in the documentation or configuration settings, ask the application admin to demonstrate how deadlock issues are addressed.

If deadlock issues are not being addressed via documented web service configuration or design, this is a finding.

Check Content Reference

M

Target Key

4093

Comments