Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Server Security Requirements Guide
SRG-APP-000313
SRG-APP-000313
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000313
1 Rule
<GroupDescription></GroupDescription>
The application server must associate organization-defined types of security attributes having organization-defined security attribute values with information in process.
Medium Severity
<VulnDiscussion>The application server provides a framework for applications to communicate between each other to form an overall well-designed application to perform a task. As the information traverses the application server and the components, the security attributes must be maintained. Without the association of security attributes to information, there is no basis for the application server or hosted applications to make security-related access control decisions. The security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. One example includes marking data as classified or FOUO. These security attributes may be assigned manually or during data processing, but either way, it is imperative these assignments are maintained while the data is in process. If the security attributes are lost when the data is being processed, there is the risk of a data compromise.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>