The application must support organizational requirements to enforce password encryption for transmission.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35470	SRG-APP-000172-MAPP-NA	SV-46757r1_rule		Medium

Description
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not have a requirement for user authentication to local applications, which obviates the need for passwords. To the extent the local application facilitates user authentication to a remote application, the remote application can enforce a variety of mechanisms to protect the password, including encryption of passwords using SSL/TLS.

Description

Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. Rationale for non-applicability: The MAPP SRG does not have a requirement for user authentication to local applications, which obviates the need for passwords. To the extent the local application facilitates user authentication to a remote application, the remote application can enforce a variety of mechanisms to protect the password, including encryption of passwords using SSL/TLS.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43821r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40010r1_fix)
The requirement is NA. No fix is required.