STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Server Security Requirements Guide

V-204772

CAT II (Medium)

The application server must check the validity of all data inputs to the management interface, except those specifically identified by the organization.

Rule ID

SV-204772r961158_rule

STIG

Application Server Security Requirements Guide

Version

V4R4

CCIs

CCI-001310

Discussion

Invalid user input occurs when a user inserts data or characters into an applications data entry field and the application is unprepared to process that data. This results in unanticipated application behavior potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. Application servers must ensure their management interfaces perform data input validation checks. Input validation consists of evaluating user input and ensuring that only allowed characters are utilized. An example is ensuring that the interfaces are not susceptible to SQL injection attacks.

Check Content

Review the application server configuration to determine if the system checks the validity of information inputs to the management interface, except those specifically identified by the organization.

If the management interface data inputs are not validated, this is a finding.

Fix Text

Configure the application server to check the validity of data inputs into the management interface except those specifically identified by the organization.