Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35470 | SRG-APP-000172-MAPP-NA | SV-46757r1_rule | Medium |
Description |
---|
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not have a requirement for user authentication to local applications, which obviates the need for passwords. To the extent the local application facilitates user authentication to a remote application, the remote application can enforce a variety of mechanisms to protect the password, including encryption of passwords using SSL/TLS. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text ( C-43821r1_chk ) |
---|
This requirement is NA for the MAPP SRG. |
Fix Text (F-40010r1_fix) |
---|
The requirement is NA. No fix is required. |