From Authentication Authorization and Accounting Service Security Requirements Guide
Part of SRG-APP-000142-AAA-000001
Associated with: CCI-000382
Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
If the AAA Service does not connect to a directory services, or other identity provider, but instead performs user and device account management as part of its functionality, this is not applicable. Review the AAA Service configuration when connecting to directory services, or another identity provider. Verify the connection is configured to use secure protocols for transport between the AAA Service and the directory services using mutual authentication. The use of LDAP over TLS (LDAPS) is the most common method to secure the directory services or user database traffic. Each protocol egressing the local enclave must be implemented in accordance with its PPSM CAL. If the AAA Service does not use secure protocols when connecting to directory services, this is a finding. If the protocols are not implemented in accordance with its PPSM CAL, this is a finding.
Configure the AAA Service to use secure protocols when connecting to directory services. The use of LDAP over TLS (LDAPS) is the most common method to secure the directory services or user database traffic. However, proprietary or other protocols may be used in some configurations. Each protocol egressing the local enclave must be implemented in accordance with its PPSM CAL.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer