From Application Server Security Requirements Guide
Part of SRG-APP-000313-AS-000003
Associated with: CCI-002263
The application server provides a framework for applications to communicate between each other to form an overall well-designed application to perform a task. As the information traverses the application server and the components, the security attributes must be maintained. Without the association of security attributes to information, there is no basis for the application server or hosted applications to make security-related access control decisions. The security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information.
Review the application server documentation to determine if the application associates organization-defined types of security attributes with organization-defined security attribute values to information in process. If the application server does not associate the security attributes to information in process or the feature is not implemented, this is a finding.
Configure the application server to associate organization-defined types of security attributes having organization-defined security attribute values with information in process.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer