The application must ensure messages are encrypted when the SessionIndex is tied to privacy data.
An XCCDF Rule
Description
<VulnDiscussion>When the SessionIndex is tied to privacy data (e.g., attributes containing privacy data) the message should be encrypted. If the message is not encrypted there is the possibility of compromise of privacy data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-222406r960759_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Encrypt messages when the SessionIndex is tied to privacy data.