
Applications designed to enforce protocol formats must employ automated mechanisms to enforce strict adherence to protocol format.


Overview

Finding ID: V-35672
Version: SRG-APP-000253-MAPP-NA
Rule ID: SV-46959r1_rule
IA Controls:
Severity: Medium
Description
Automated mechanisms used to enforce protocol formats include deep packet inspection firewalls and XML gateways. These devices verify adherence to the protocol specification (e.g., IEEE) at the application layer and serve to identify significant vulnerabilities that cannot be detected by devices operating at the network or transport layer. It is impractical to expect protocol format inspection to be conducted manually.

Rationale for non-applicability: Mobile applications often employ communications protocols, but they do not enforce protocol formats for other applications. The requirement for application sandboxing precludes applications from serving as a security boundary for other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-44014r1_chk)
This requirement is NA for the MAPP SRG.
Fix Text (F-40214r1_fix)
The requirement is NA. No fix is required.