Wikis - Page

Knowledge Doc: STIG V-222585 Compliance for OO

0 Likes

Based on STIG V-222585 Compliance, the application must fail to a secure state if system initialization fails, shutdown fails, or aborts fail. In general, application security mechanisms should be designed so that a failure will follow the same execution path as disallowing the operation. For example, security methods, such as isAuthorized(), isAuthenticated(), and validate(), should all return false if there is an exception during processing. If security controls can throw exceptions, they must be very clear about exactly what that condition means.

Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.

Does OO fail to a secure state?

Read the full Knowledge Document and resolution here.

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended