Is OneClick Tomcat's Session ID Unique FIPS 140-2 Compliant


Article ID: 203578


Products

CA Spectrum, CA eHealth

Issue/Introduction


The Application Server Security Requirements Guide Rule ID SV-204766r508029_rule requires that a Session ID be unique and generated from a FIPS 140-2 compliant random number

Rule Title: The application server must generate a unique session identifier using a FIPS 140-2 approved random number generator.

Discussion: The application server will use session IDs to communicate between modules or applications within the application server and between the application server and users. The session ID allows the application to track the communications along with credentials that may have been used to authenticate users or modules.

Environment

Release : 10.4.x

Component : Spectrum OneClick

Resolution

Tomcat's Session ID is unique (nonsequential) and FIPS 140-2 compliant
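An auditor can spot-check the two observable properties named above (unique, nonsequential) on session IDs sampled from a test instance. The following is an added example, not code from this article or the product; it assumes Tomcat's default ID format of 32 uppercase hex characters with an optional `.jvmRoute` suffix, and the sample IDs are constructed. Sampling cannot show that the underlying random number generator is FIPS 140-2 approved; that still has to be confirmed from the JVM and provider configuration.

```python
import re

# Assumed format: 16 random bytes as 32 uppercase hex chars, optional ".jvmRoute".
ID_RE = re.compile(r"^([0-9A-F]{32})(?:\.[\w-]+)?$")

def audit_session_ids(ids, max_step=2**16):
    """Flag malformed, duplicate and counter-like (numerically close) IDs."""
    findings = {"malformed": [], "duplicates": [], "sequential": []}
    seen = set()
    values = []
    for sid in ids:
        m = ID_RE.match(sid)
        if not m:
            findings["malformed"].append(sid)
            continue
        body = m.group(1)
        if body in seen:
            findings["duplicates"].append(sid)
            continue
        seen.add(body)
        values.append((int(body, 16), sid))
    # Two independent 128-bit random values land within max_step of each
    # other with negligible probability, so close neighbours after sorting
    # point to a counter or timestamp source.
    values.sort()
    for (a, sid_a), (b, sid_b) in zip(values, values[1:]):
        if b - a <= max_step:
            findings["sequential"].append((sid_a, sid_b))
    return findings

# Constructed samples (not captured from a real system).
GOOD = [
    "9F2C4A7E1B3D5F60A8C2E4F6071829AB",
    "03D1E5B7C9A2F4860E1C3A5B7D9F2046.node1",
    "C7A0B1E2D3F405162738495A6B7C8D9E",
    "5E8D7C6B5A49382716F5E4D3C2B1A09F",
]
BAD = [f"{n:032X}" for n in (0x1000, 0x1001, 0x1001)] + ["abc123"]

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_session_ids(sample))
```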


 

Additional Information

STIG
https://www.stigviewer.com/stig/application_server_security_requirements_guide/2020-09-30/finding/V-204766