SRG-APP-000224 Controls

| STIG ID | Version | Title | Product |
| --- | --- | --- | --- |
| SRG-APP-000224-API-000475 | V1R1 | The API keys must be securely generated using a FIPS-validated Random Number Generator (RNG). | Security Requirements Guide - API |
| SRG-APP-000224-WSR-000135 | V4R4 | The web server must generate a unique session identifier for each session using a FIPS 140-2 approved random number generator. | Security Requirements Guide - Web Server |
| SRG-APP-000224-WSR-000136 | V4R4 | The web server must generate unique session identifiers that cannot be reliably reproduced. | Security Requirements Guide - Web Server |
| SRG-APP-000224-WSR-000137 | V4R4 | The web server must generate a session ID long enough that it cannot be guessed through brute force. | Security Requirements Guide - Web Server |
| SRG-APP-000224-WSR-000138 | V4R4 | The web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force. | Security Requirements Guide - Web Server |
| SRG-APP-000224-WSR-000139 | V4R4 | The web server must generate unique session identifiers with definable entropy. | Security Requirements Guide - Web Server |