Skip to content
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000516
The application must use encryption to implement key exchange and authenticate endpoints prior to establishing a communication channel for key exchange.
The application must use encryption to implement key exchange and authenticate endpoints prior to establishing a communication channel for key exchange. An XCCDF Rule
The application must use encryption to implement key exchange and authenticate endpoints prior to establishing a communication channel for key exchange.
Medium Severity
<VulnDiscussion>If the application does not use encryption and authenticate endpoints prior to establishing a communication channel and prior to transmitting encryption keys, these keys may be intercepted, and could be used to decrypt the traffic of the current session, leading to potential loss or compromise of DoD data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>