STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-276013

CAT I (High)

Ax-OS must protect the authenticity of communications sessions.

Rule ID

SV-276013r1122689_rule

STIG

Axonius Federal Systems Ax-OS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001184, CCI-004909

Discussion

Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Application communication sessions are protected using transport encryption protocols such as Transport Layer Security (TLS). TLS provides web applications with a means to authenticate user sessions and encrypt application traffic. Session authentication can be single (one way) or mutual (two way) in nature. Single authentication authenticates the server for the client, whereas mutual authentication provides a means for the client and server to authenticate each other.

This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and service-oriented architectures (SOAs). This requirement addresses communications protection at the application session versus the network packet. It also establishes grounds for confidence at both ends of communications sessions in relation to the ongoing identities of other parties and validity of information transmitted. Depending on the required degree of confidentiality and integrity, web services/SOA will require the use of TLS mutual authentication (two-way/bidirectional).

Satisfies: SRG-APP-000219, SRG-APP-000910

Check Content

Select the gear icon (System Settings) >> Privacy and Security >> Certificate and Encryption.

Under SSL Certificate, if the certificate has not been changed from the self-signed default certificate, unless otherwise approved by the authorizing official (AO), this is a finding.

Under Certificate Verifications Settings, if "Use OCSP" is not selected, this is a finding.

Under SSL Trust & CA Settings, if "Use custom certificate" is not selected and configured for a DOD PKI (or other AO-approved certificate), this is a finding.

Under Mutual TLS Settings, if the "Enable mutual TLS" slide bar is not enabled, and the "Enforce client certificate validation" box is unchecked, this is a finding.

Under Encryption Settings, if the "Allow legacy SSL cipher suites for adapters" box is checked, this is a finding.
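The check above is a walk through the Ax-OS console; several of the same conditions can be corroborated from the network side. The Python probe below is an added example for this page, not DISA, STIGhub or Axonius tooling: it connects with no client certificate, validates the server chain against a CA bundle path you supply (assumed to be the DOD PKI or other AO-approved bundle), and reports whether the certificate is self-signed, whether the server let the session proceed without a client certificate, and whether a legacy cipher suite was negotiated. The OCSP setting is not observable this way and is left to the console check.

```python
import socket
import ssl

# Cipher-name fragments marking suites a hardened endpoint should not offer:
# RC4, single/triple DES, NULL encryption, export grade, MD5 MACs, anonymous DH.
LEGACY_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")


def is_self_signed(cert):
    """cert is the dict from ssl.SSLSocket.getpeercert(); issuer == subject marks
    a self-signed certificate such as an appliance's factory default."""
    return bool(cert) and cert.get("subject") == cert.get("issuer")

def legacy_ciphers(cipher_names):
    """Return the OpenSSL-style cipher names that match a legacy marker."""
    return [c for c in cipher_names if any(m in c.upper() for m in LEGACY_MARKERS)]

def probe(host, port=443, cafile=None, timeout=5):
    """Connect with no client certificate, validating the server chain against
    cafile (assumed path to the AO-approved CA bundle; None = system trust)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain trust is the question, not the hostname
    result = {"trusted_chain": None, "accepted_without_client_cert": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result["trusted_chain"] = True
                result["self_signed"] = is_self_signed(tls.getpeercert())
                result["version"], result["cipher"] = tls.version(), tls.cipher()[0]
                # Under TLS 1.3 a server that requires a client certificate only
                # rejects us after the handshake, so exchange one record to tell.
                tls.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                tls.recv(1)
                result["accepted_without_client_cert"] = True
    except ssl.SSLCertVerificationError as exc:
        result.update(trusted_chain=False, error=str(exc))
    except (ssl.SSLError, OSError) as exc:
        result["error"] = str(exc)  # usually the server demanding a client cert
    return result

def findings(result):
    """Map a probe result onto the check items observable from the network."""
    out = []
    if result["trusted_chain"] is False or result.get("self_signed"):
        out.append("certificate is self-signed or not issued by the approved PKI")
    if result["accepted_without_client_cert"]:
        out.append("mutual TLS with client certificate validation not enforced")
    if legacy_ciphers([result.get("cipher", "")]):
        out.append("legacy cipher suite negotiated")
    return out
```

Run it as `findings(probe("ax-os.example.test", cafile="/path/to/dod-ca-bundle.pem"))` (placeholder host and path); an empty list means none of the three network-observable items is a finding, and a `result["error"]` that mentions a required certificate is the expected outcome when mutual TLS is enforced.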

Fix Text

Select the gear icon (System Settings) >> Privacy and Security >> Certificate and Encryption.

Under Certificate Verifications Settings, select "Use OCSP".

Under SSL Trust & CA Settings, select "Use custom certificate" and configure for a DOD PKI (or other AO-approved certificate).

Under Mutual TLS Settings, enable the "Enable mutual TLS" slide bar. Check the "Enforce client certificate validation" box.

Under Encryption Settings, ensure the "Allow legacy SSL cipher suites for adapters" box is unchecked.