Closed BenGardiner closed 5 years ago
Add a design testing report to the document which replaces VERIFIED with CONFIRMED <+ rationale> to demonstrate that the API design has some security properties baked-in. Thanks, Altaz.
NIST 800-53 SC-6: Resource Availability Considerations:
NIST 800-53 SI-10: Information Input Validation Considerations: All file references should be indirect
NIST 800-53 AC-3: Access Enforcement Considerations: Grant privileges directly to users
NIST 800-53 AC-24: Access Control Decisions Considerations: Security controls assigned to each request
NIST 800-53 AU-6: Audit Review, Analysis, and Reporting Considerations: Grant privileges to specific users
Add a design testing report to the document which replaces VERIFIED with CONFIRMED <+ rationale> to demonstrate that the API design has some security properties baked-in. Thanks, Altaz.
NIST 800-53 SC-6: Resource Availability Considerations:
NIST 800-53 SI-10: Information Input Validation Considerations: All file references should be indirect
NIST 800-53 AC-3: Access Enforcement Considerations: Grant privileges directly to users
NIST 800-53 AC-24: Access Control Decisions Considerations: Security controls assigned to each request
NIST 800-53 AU-6: Audit Review, Analysis, and Reporting Considerations: Grant privileges to specific users