
V-281376

CAT I (High)

TCMax must protect the confidentiality and integrity of transmitted information.

Rule ID

SV-281376r1195320_rule

STIG

Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001184, CCI-002418, CCI-002421, CCI-002420, CCI-002422, CCI-004904, CCI-004906, CCI-004907

Discussion

Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification.

Protecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, then logical means (cryptography) do not have to be employed, and vice versa.

Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.

Application communication sessions are protected using transport encryption protocols such as TLS. TLS provides web applications with a means to authenticate user sessions and encrypt application traffic. Session authentication can be single (one-way) or mutual (two-way) in nature. Single authentication authenticates the server for the client, whereas mutual authentication provides a means for both the client and the server to authenticate each other.

This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and service-oriented architectures (SOAs).

This requirement addresses communications protection at the application session versus the network packet, and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted.

When transmitting data, applications need to leverage transmission protection mechanisms, such as TLS, TLS VPNs, or IPsec.

Satisfies: SRG-APP-000219, SRG-APP-000439, SRG-APP-000440, SRG-APP-000441, SRG-APP-000442, SRG-APP-000895, SRG-APP-000900, SRG-APP-000905

Check Content

1. Using a Windows account of appropriate privileges to access the file system, open the file C:\ProgramData\Soaring Software Solutions\TCMax\Configuration Files\DatabaseConnections.xml.

2. Review the attribute for Encrypt. 

If Encrypt = False, this is a finding.

Fix Text

1. Open the file C:\ProgramData\Soaring Software Solutions\TCMax\Configuration Files\DatabaseConnections.xml. 

2. Edit the file to set Encrypt = True. 

Example file below:
<Root>
  <PrimaryConnection DataSource="MicrosoftSqlServer" DataProvider="SqlClient">
    <ConnectionString>Persist Security Info=False;Data Source=SERVER_NAME\INSTANCE_NAME;Initial Catalog=DB_NAME;Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=False;MultipleActiveResultSets=True;Connection Timeout=15</ConnectionString>
  </PrimaryConnection>
</Root>
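
The check above can be scripted. The following PowerShell is an added example, not part of the STIG or of TCMax: it parses each ConnectionString element and reports the Encrypt setting. The function name, the -Demo switch and the status labels are hypothetical, and it assumes the file follows the layout of the example file above.

```powershell
# Added example, not part of the STIG. Audits DatabaseConnections.xml for V-281376.
param(
    [string]$Path = 'C:\ProgramData\Soaring Software Solutions\TCMax\Configuration Files\DatabaseConnections.xml',
    [switch]$Demo   # use the constructed sample below instead of the real file
)

# Constructed sample input (placeholders as in the STIG example, Encrypt flipped to False).
$sample = @'
<Root>
  <PrimaryConnection DataSource="MicrosoftSqlServer" DataProvider="SqlClient">
    <ConnectionString>Data Source=SERVER_NAME\INSTANCE_NAME;Initial Catalog=DB_NAME;Integrated Security=SSPI;Encrypt=False</ConnectionString>
  </PrimaryConnection>
</Root>
'@

function Test-TcmaxConnectionEncryption {   # hypothetical name
    param([Parameter(Mandatory)][xml]$Config)
    foreach ($node in $Config.SelectNodes('//ConnectionString')) {
        # Parse with the .NET builder: keywords are case-insensitive, quoting is handled.
        $csb = New-Object System.Data.Common.DbConnectionStringBuilder
        # set_ConnectionString() because PowerShell treats ".ConnectionString = ..." as a dictionary key.
        $csb.set_ConnectionString($node.InnerText.Trim())
        $encrypt = $null; $trust = $null
        [void]$csb.TryGetValue('Encrypt', [ref]$encrypt)
        [void]$csb.TryGetValue('TrustServerCertificate', [ref]$trust)

        if     ("$encrypt" -match '^\s*(true|yes)\s*$') { $status = 'NotAFinding' }
        elseif ("$encrypt" -match '^\s*(false|no)\s*$') { $status = 'Finding' }
        else   { $status = 'Review' }   # keyword absent or value not recognised: check by hand

        [pscustomobject]@{
            Connection             = $node.ParentNode.Name
            Encrypt                = $encrypt
            # Reported for context only; the check text tests Encrypt alone.
            TrustServerCertificate = $trust
            Status                 = $status
        }
    }
}

$xmlText = if ($Demo) { $sample } else { Get-Content -LiteralPath $Path -Raw -ErrorAction Stop }
$results = @(Test-TcmaxConnectionEncryption -Config ([xml]$xmlText))
if ($results.Count -eq 0) { Write-Warning 'No <ConnectionString> elements found.'; exit 2 }
$results | Format-Table -AutoSize
if ($results.Status -contains 'Finding') { exit 1 }
```

A connection string with no Encrypt keyword is reported as Review rather than passed, because the effective default depends on the SQL client library in use.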