<!DOCTYPE html><html><head><title>Standard NIST_800-53</title><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous"><script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script><script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script></head><body><center><h2>Standard NIST_800-53</h2></center><nav><button class="btn btn-outline-success" type="button" data-toggle="collapse" data-target="#collapseGroupExample1" aria-expanded="false" aria-controls="collapseGroupExample1">Mapped with the standard</button> <button class="btn btn-outline-warning" type="button" data-toggle="collapse" data-target="#collapseGroupExample2" aria-expanded="false" aria-controls="collapseGroupExample2">Not mapped with the standard</button></nav><br/><div class="accordion" id="root"><div class="collapse" id="collapseGroupExample1" data-parent="#root"><div class="accordion" id="standardGroup"><div class="accordion" id="standardGroup">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse38" aria-expanded="true" aria-controls="collapse38">
Category: V1. Architecture, design and threat modelling <span></span></div>
<div id="collapse38" class="collapse" aria-labelledby="heading38" data-parent="#standardGroup">
<div class="card-body border-success"><div class="accordion" id="standards">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse1" aria-expanded="true" aria-controls="collapse1">
Requirement ASVS: Verify that all application components are identified and are known to be needed. <span>[1.1]</span></div>
<div id="collapse1" class="collapse" aria-labelledby="heading1" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse0" aria-expanded="true" aria-controls="collapse0">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse0" class="collapse" aria-labelledby="heading0" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse3" aria-expanded="true" aria-controls="collapse3">
Requirement ASVS: Verify that all application components are identified and are known to be needed. <span>[1.1]</span></div>
<div id="collapse3" class="collapse" aria-labelledby="heading3" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse0" aria-expanded="true" aria-controls="collapse0">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse0" class="collapse" aria-labelledby="heading0" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse2" aria-expanded="true" aria-controls="collapse2">
Requirement: Risk Assessment <span>[RA-3]</span></div>
<div id="collapse2" class="collapse" aria-labelledby="heading2" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse5" aria-expanded="true" aria-controls="collapse5">
Requirement ASVS: Verify that all application components are identified and are known to be needed. <span>[1.1]</span></div>
<div id="collapse5" class="collapse" aria-labelledby="heading5" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse0" aria-expanded="true" aria-controls="collapse0">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse0" class="collapse" aria-labelledby="heading0" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse2" aria-expanded="true" aria-controls="collapse2">
Requirement: Risk Assessment <span>[RA-3]</span></div>
<div id="collapse2" class="collapse" aria-labelledby="heading2" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse4" aria-expanded="true" aria-controls="collapse4">
Requirement: Information System Component Inventory <span>[CM-8]</span></div>
<div id="collapse4" class="collapse" aria-labelledby="heading4" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse7" aria-expanded="true" aria-controls="collapse7">
Requirement ASVS: Verify that all components, such as libraries, modules, and external systems, that are not part of the application but that the application relies on to operate are identified. <span>[1.2]</span></div>
<div id="collapse7" class="collapse" aria-labelledby="heading7" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse6" aria-expanded="true" aria-controls="collapse6">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse6" class="collapse" aria-labelledby="heading6" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse9" aria-expanded="true" aria-controls="collapse9">
Requirement ASVS: Verify that all components, such as libraries, modules, and external systems, that are not part of the application but that the application relies on to operate are identified. <span>[1.2]</span></div>
<div id="collapse9" class="collapse" aria-labelledby="heading9" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse6" aria-expanded="true" aria-controls="collapse6">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse6" class="collapse" aria-labelledby="heading6" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse8" aria-expanded="true" aria-controls="collapse8">
Requirement: Information System Component Inventory <span>[CM-8]</span></div>
<div id="collapse8" class="collapse" aria-labelledby="heading8" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse11" aria-expanded="true" aria-controls="collapse11">
Requirement ASVS: Verify that a high-level architecture for the application has been defined. <span>[1.3]</span></div>
<div id="collapse11" class="collapse" aria-labelledby="heading11" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse10" aria-expanded="true" aria-controls="collapse10">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse10" class="collapse" aria-labelledby="heading10" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse13" aria-expanded="true" aria-controls="collapse13">
Requirement ASVS: Verify that a high-level architecture for the application has been defined. <span>[1.3]</span></div>
<div id="collapse13" class="collapse" aria-labelledby="heading13" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse10" aria-expanded="true" aria-controls="collapse10">
Requirement: Information Security Architecture <span>[PL-8]</span></div>
<div id="collapse10" class="collapse" aria-labelledby="heading10" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse12" aria-expanded="true" aria-controls="collapse12">
Requirement: Information System Component Inventory <span>[CM-8]</span></div>
<div id="collapse12" class="collapse" aria-labelledby="heading12" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse15" aria-expanded="true" aria-controls="collapse15">
Requirement ASVS: Verify that all application components are defined in terms of the business functions and/or security functions they provide. <span>[1.4]</span></div>
<div id="collapse15" class="collapse" aria-labelledby="heading15" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse14" aria-expanded="true" aria-controls="collapse14">
Requirement: Information System Documentation <span>[SA-5]</span></div>
<div id="collapse14" class="collapse" aria-labelledby="heading14" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse17" aria-expanded="true" aria-controls="collapse17">
Requirement ASVS: Verify that all application components are defined in terms of the business functions and/or security functions they provide. <span>[1.4]</span></div>
<div id="collapse17" class="collapse" aria-labelledby="heading17" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse14" aria-expanded="true" aria-controls="collapse14">
Requirement: Information System Documentation <span>[SA-5]</span></div>
<div id="collapse14" class="collapse" aria-labelledby="heading14" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse16" aria-expanded="true" aria-controls="collapse16">
Requirement: Security Function Verification <span>[SI-6]</span></div>
<div id="collapse16" class="collapse" aria-labelledby="heading16" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse19" aria-expanded="true" aria-controls="collapse19">
Requirement ASVS: Verify that all components that are not part of the application but that the application relies on to operate are defined in terms of the functions, and/or security functions, they provide. <span>[1.5]</span></div>
<div id="collapse19" class="collapse" aria-labelledby="heading19" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse18" aria-expanded="true" aria-controls="collapse18">
Requirement: System Interconnections <span>[CA-3]</span></div>
<div id="collapse18" class="collapse" aria-labelledby="heading18" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse21" aria-expanded="true" aria-controls="collapse21">
Requirement ASVS: Verify that all components that are not part of the application but that the application relies on to operate are defined in terms of the functions, and/or security functions, they provide. <span>[1.5]</span></div>
<div id="collapse21" class="collapse" aria-labelledby="heading21" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse18" aria-expanded="true" aria-controls="collapse18">
Requirement: System Interconnections <span>[CA-3]</span></div>
<div id="collapse18" class="collapse" aria-labelledby="heading18" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse20" aria-expanded="true" aria-controls="collapse20">
Requirement: Security Engineering Principles <span>[SA-8]</span></div>
<div id="collapse20" class="collapse" aria-labelledby="heading20" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse23" aria-expanded="true" aria-controls="collapse23">
Requirement ASVS: Verify that all components that are not part of the application but that the application relies on to operate are defined in terms of the functions, and/or security functions, they provide. <span>[1.5]</span></div>
<div id="collapse23" class="collapse" aria-labelledby="heading23" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse18" aria-expanded="true" aria-controls="collapse18">
Requirement: System Interconnections <span>[CA-3]</span></div>
<div id="collapse18" class="collapse" aria-labelledby="heading18" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse20" aria-expanded="true" aria-controls="collapse20">
Requirement: Security Engineering Principles <span>[SA-8]</span></div>
<div id="collapse20" class="collapse" aria-labelledby="heading20" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse22" aria-expanded="true" aria-controls="collapse22">
Requirement: External Information System Services <span>[SA-9]</span></div>
<div id="collapse22" class="collapse" aria-labelledby="heading22" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse25" aria-expanded="true" aria-controls="collapse25">
Requirement ASVS: Verify that a threat model for the target application has been produced and covers off risks associated with Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of privilege (STRIDE). <span>[1.6]</span></div>
<div id="collapse25" class="collapse" aria-labelledby="heading25" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse24" aria-expanded="true" aria-controls="collapse24">
Requirement: Development Process, Standards, and Tools <span>[SA-15]</span></div>
<div id="collapse24" class="collapse" aria-labelledby="heading24" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse27" aria-expanded="true" aria-controls="collapse27">
Requirement ASVS: Verify all security controls (including libraries that call external security services) have a centralized implementation. <span>[1.7]</span></div>
<div id="collapse27" class="collapse" aria-labelledby="heading27" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse26" aria-expanded="true" aria-controls="collapse26">
Requirement: Development Process, Standards, and Tools <span>[SA-15]</span></div>
<div id="collapse26" class="collapse" aria-labelledby="heading26" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse29" aria-expanded="true" aria-controls="collapse29">
Requirement ASVS: Verify that components are segregated from each other via a defined security control, such as network segmentation, firewall rules, or cloud based security groups. <span>[1.8]</span></div>
<div id="collapse29" class="collapse" aria-labelledby="heading29" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse28" aria-expanded="true" aria-controls="collapse28">
Requirement: Development Process, Standards, and Tools <span>[SA-15]</span></div>
<div id="collapse28" class="collapse" aria-labelledby="heading28" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse31" aria-expanded="true" aria-controls="collapse31">
Requirement ASVS: Verify the application has a clear separation between the data layer, controller layer and the display layer, such that security decisions can be enforced on trusted systems. <span>[1.9]</span></div>
<div id="collapse31" class="collapse" aria-labelledby="heading31" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse30" aria-expanded="true" aria-controls="collapse30">
Requirement: Security Engineering Principles <span>[SA-8]</span></div>
<div id="collapse30" class="collapse" aria-labelledby="heading30" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse33" aria-expanded="true" aria-controls="collapse33">
Requirement ASVS: Verify that there is no sensitive business logic, secret keys or other proprietary information in client side code. <span>[1.10]</span></div>
<div id="collapse33" class="collapse" aria-labelledby="heading33" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse32" aria-expanded="true" aria-controls="collapse32">
Requirement: Security Engineering Principles <span>[SA-8]</span></div>
<div id="collapse32" class="collapse" aria-labelledby="heading32" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse35" aria-expanded="true" aria-controls="collapse35">
Requirement ASVS: Verify that all application components, libraries, modules, frameworks, platform, and operating systems are free from known vulnerabilities. <span>[1.11]</span></div>
<div id="collapse35" class="collapse" aria-labelledby="heading35" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse34" aria-expanded="true" aria-controls="collapse34">
Requirement: Security Engineering Principles <span>[SA-8]</span></div>
<div id="collapse34" class="collapse" aria-labelledby="heading34" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse37" aria-expanded="true" aria-controls="collapse37">
Requirement ASVS: Verify that all application components, libraries, modules, frameworks, platform, and operating systems are free from known vulnerabilities. <span>[1.11]</span></div>
<div id="collapse37" class="collapse" aria-labelledby="heading37" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse34" aria-expanded="true" aria-controls="collapse34">
Requirement: Security Engineering Principles <span>[SA-8]</span></div>
<div id="collapse34" class="collapse" aria-labelledby="heading34" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse36" aria-expanded="true" aria-controls="collapse36">
Requirement: Development Process, Standards, and Tools <span>[SA-15]</span></div>
<div id="collapse36" class="collapse" aria-labelledby="heading36" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse99" aria-expanded="true" aria-controls="collapse99">
Category: V2: Authentication Verification Requirements <span></span></div>
<div id="collapse99" class="collapse" aria-labelledby="heading99" data-parent="#standardGroup">
<div class="card-body border-success"><div class="accordion" id="standards">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse40" aria-expanded="true" aria-controls="collapse40">
Requirement ASVS: Verify all pages and resources by default require authentication except those specifically intended to be public (Principle of complete mediation). <span>[2.1]</span></div>
<div id="collapse40" class="collapse" aria-labelledby="heading40" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse39" aria-expanded="true" aria-controls="collapse39">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse39" class="collapse" aria-labelledby="heading39" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse42" aria-expanded="true" aria-controls="collapse42">
Requirement ASVS: Verify that forms containing credentials are not filled in by the application. Pre-filling by the application implies that credentials are stored in plaintext or a reversible format, which is explicitly prohibited. <span>[2.2]</span></div>
<div id="collapse42" class="collapse" aria-labelledby="heading42" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse41" aria-expanded="true" aria-controls="collapse41">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse41" class="collapse" aria-labelledby="heading41" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse44" aria-expanded="true" aria-controls="collapse44">
Requirement ASVS: Verify all authentication controls are enforced on the server side. <span>[2.4]</span></div>
<div id="collapse44" class="collapse" aria-labelledby="heading44" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse43" aria-expanded="true" aria-controls="collapse43">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse43" class="collapse" aria-labelledby="heading43" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse46" aria-expanded="true" aria-controls="collapse46">
Requirement ASVS: Verify all authentication controls fail securely to ensure attackers cannot log in. <span>[2.6]</span></div>
<div id="collapse46" class="collapse" aria-labelledby="heading46" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse45" aria-expanded="true" aria-controls="collapse45">
Requirement: Unsuccessful Logon Attempts <span>[AC-7]</span></div>
<div id="collapse45" class="collapse" aria-labelledby="heading45" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse48" aria-expanded="true" aria-controls="collapse48">
Requirement ASVS: Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent password managers, long passphrases or highly complex passwords being entered. <span>[2.7]</span></div>
<div id="collapse48" class="collapse" aria-labelledby="heading48" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse47" aria-expanded="true" aria-controls="collapse47">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse47" class="collapse" aria-labelledby="heading47" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse50" aria-expanded="true" aria-controls="collapse50">
Requirement ASVS: Verify all account identity authentication functions (such as update profile, forgot password, disabled / lost token, help desk or IVR) that might regain access to the account are at least as resistant to attack as the primary authentication mechanism. <span>[2.8]</span></div>
<div id="collapse50" class="collapse" aria-labelledby="heading50" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse49" aria-expanded="true" aria-controls="collapse49">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse49" class="collapse" aria-labelledby="heading49" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-success text-success" type="button" data-toggle="collapse" data-target="#collapse52" aria-expanded="true" aria-controls="collapse52">
Requirement ASVS: Verify that the changing password functionality includes the old password, the new password, and a password confirmation. <span>[2.9]</span></div>
<div id="collapse52" class="collapse" aria-labelledby="heading52" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse51" aria-expanded="true" aria-controls="collapse51">
Requirement: Re-authentication <span>[IA-11]</span></div>
<div id="collapse51" class="collapse" aria-labelledby="heading51" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse54" aria-expanded="true" aria-controls="collapse54">
Requirement ASVS: Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. This should include requests with relevant metadata needed for security investigations. <span>[2.12]</span></div>
<div id="collapse54" class="collapse" aria-labelledby="heading54" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse53" aria-expanded="true" aria-controls="collapse53">
Requirement: Unsuccessful Logon Attempts <span>[AC-7]</span></div>
<div id="collapse53" class="collapse" aria-labelledby="heading53" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse56" aria-expanded="true" aria-controls="collapse56">
Requirement ASVS: Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. This should include requests with relevant metadata needed for security investigations. <span>[2.12]</span></div>
<div id="collapse56" class="collapse" aria-labelledby="heading56" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse53" aria-expanded="true" aria-controls="collapse53">
Requirement: Unsuccessful Logon Attempts <span>[AC-7]</span></div>
<div id="collapse53" class="collapse" aria-labelledby="heading53" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse55" aria-expanded="true" aria-controls="collapse55">
Requirement: Audit Events <span>[AU-2]</span></div>
<div id="collapse55" class="collapse" aria-labelledby="heading55" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse58" aria-expanded="true" aria-controls="collapse58">
Requirement ASVS: Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. This should include requests with relevant metadata needed for security investigations. <span>[2.12]</span></div>
<div id="collapse58" class="collapse" aria-labelledby="heading58" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse53" aria-expanded="true" aria-controls="collapse53">
Requirement: Unsuccessful Logon Attempts <span>[AC-7]</span></div>
<div id="collapse53" class="collapse" aria-labelledby="heading53" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse55" aria-expanded="true" aria-controls="collapse55">
Requirement: Audit Events <span>[AU-2]</span></div>
<div id="collapse55" class="collapse" aria-labelledby="heading55" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse57" aria-expanded="true" aria-controls="collapse57">
Requirement: Session Audit <span>[AU-14]</span></div>
<div id="collapse57" class="collapse" aria-labelledby="heading57" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse60" aria-expanded="true" aria-controls="collapse60">
Requirement ASVS: Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. This should include requests with relevant metadata needed for security investigations. <span>[2.12]</span></div>
<div id="collapse60" class="collapse" aria-labelledby="heading60" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse53" aria-expanded="true" aria-controls="collapse53">
Requirement: Unsuccessful Logon Attempts <span>[AC-7]</span></div>
<div id="collapse53" class="collapse" aria-labelledby="heading53" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse55" aria-expanded="true" aria-controls="collapse55">
Requirement: Audit Events <span>[AU-2]</span></div>
<div id="collapse55" class="collapse" aria-labelledby="heading55" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse57" aria-expanded="true" aria-controls="collapse57">
Requirement: Session Audit <span>[AU-14]</span></div>
<div id="collapse57" class="collapse" aria-labelledby="heading57" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse59" aria-expanded="true" aria-controls="collapse59">
Requirement: Incident Monitoring <span>[IR-5]</span></div>
<div id="collapse59" class="collapse" aria-labelledby="heading59" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse62" aria-expanded="true" aria-controls="collapse62">
Requirement ASVS: Verify that credentials are transported using a suitable encrypted link and that all pages/functions that require a user to enter credentials are served over an encrypted link. <span>[2.16]</span></div>
<div id="collapse62" class="collapse" aria-labelledby="heading62" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse61" aria-expanded="true" aria-controls="collapse61">
Requirement: Transmission Confidentiality and Integrity <span>[SC-8]</span></div>
<div id="collapse61" class="collapse" aria-labelledby="heading61" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse64" aria-expanded="true" aria-controls="collapse64">
Requirement ASVS: Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. <span>[2.17]</span></div>
<div id="collapse64" class="collapse" aria-labelledby="heading64" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse63" aria-expanded="true" aria-controls="collapse63">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse63" class="collapse" aria-labelledby="heading63" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse66" aria-expanded="true" aria-controls="collapse66">
Requirement ASVS: Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. <span>[2.17]</span></div>
<div id="collapse66" class="collapse" aria-labelledby="heading66" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse63" aria-expanded="true" aria-controls="collapse63">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse63" class="collapse" aria-labelledby="heading63" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse65" aria-expanded="true" aria-controls="collapse65">
Requirement: Transmission Confidentiality and Integrity <span>[SC-8]</span></div>
<div id="collapse65" class="collapse" aria-labelledby="heading65" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse68" aria-expanded="true" aria-controls="collapse68">
Requirement ASVS: Verify there are no default passwords in use for the application framework or any components used by the application (such as “admin/password”). <span>[2.19]</span></div>
<div id="collapse68" class="collapse" aria-labelledby="heading68" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse67" aria-expanded="true" aria-controls="collapse67">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse67" class="collapse" aria-labelledby="heading67" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse70" aria-expanded="true" aria-controls="collapse70">
Requirement ASVS: Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location. <span>[2.21]</span></div>
<div id="collapse70" class="collapse" aria-labelledby="heading70" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse69" aria-expanded="true" aria-controls="collapse69">
Requirement: Configuration Settings <span>[CM-6]</span></div>
<div id="collapse69" class="collapse" aria-labelledby="heading69" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse72" aria-expanded="true" aria-controls="collapse72">
Requirement ASVS: Verify that forgotten password and other recovery paths use a TOTP or other soft token, mobile push, or other offline recovery mechanism. Use of a random value in an e-mail or SMS should be a last resort and is known to be weak. <span>[2.22]</span></div>
<div id="collapse72" class="collapse" aria-labelledby="heading72" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse71" aria-expanded="true" aria-controls="collapse71">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse71" class="collapse" aria-labelledby="heading71" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse74" aria-expanded="true" aria-controls="collapse74">
Requirement ASVS: Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status. <span>[2.23]</span></div>
<div id="collapse74" class="collapse" aria-labelledby="heading74" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse73" aria-expanded="true" aria-controls="collapse73">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse73" class="collapse" aria-labelledby="heading73" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse76" aria-expanded="true" aria-controls="collapse76">
Requirement ASVS: Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status. <span>[2.23]</span></div>
<div id="collapse76" class="collapse" aria-labelledby="heading76" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse73" aria-expanded="true" aria-controls="collapse73">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse73" class="collapse" aria-labelledby="heading73" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse75" aria-expanded="true" aria-controls="collapse75">
Requirement: Account Management <span>[AC-2]</span></div>
<div id="collapse75" class="collapse" aria-labelledby="heading75" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse78" aria-expanded="true" aria-controls="collapse78">
Requirement ASVS: Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status. <span>[2.23]</span></div>
<div id="collapse78" class="collapse" aria-labelledby="heading78" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse73" aria-expanded="true" aria-controls="collapse73">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse73" class="collapse" aria-labelledby="heading73" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse75" aria-expanded="true" aria-controls="collapse75">
Requirement: Account Management <span>[AC-2]</span></div>
<div id="collapse75" class="collapse" aria-labelledby="heading75" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse77" aria-expanded="true" aria-controls="collapse77">
Requirement: Unsuccessful Logon Attempts <span>[AC-7]</span></div>
<div id="collapse77" class="collapse" aria-labelledby="heading77" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse80" aria-expanded="true" aria-controls="collapse80">
Requirement ASVS: Verify that if shared knowledge based questions (also known as "secret questions") are required, the questions do not violate privacy laws and are sufficiently strong to protect accounts from malicious recovery. <span>[2.24]</span></div>
<div id="collapse80" class="collapse" aria-labelledby="heading80" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse79" aria-expanded="true" aria-controls="collapse79">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse79" class="collapse" aria-labelledby="heading79" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse82" aria-expanded="true" aria-controls="collapse82">
Requirement ASVS: Verify that if shared knowledge based questions (also known as "secret questions") are required, the questions do not violate privacy laws and are sufficiently strong to protect accounts from malicious recovery. <span>[2.24]</span></div>
<div id="collapse82" class="collapse" aria-labelledby="heading82" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse79" aria-expanded="true" aria-controls="collapse79">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse79" class="collapse" aria-labelledby="heading79" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse81" aria-expanded="true" aria-controls="collapse81">
Requirement: Account Management <span>[AC-2]</span></div>
<div id="collapse81" class="collapse" aria-labelledby="heading81" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse84" aria-expanded="true" aria-controls="collapse84">
Requirement ASVS: Verify that the system can be configured to disallow the use of a configurable number of previous passwords. <span>[2.25]</span></div>
<div id="collapse84" class="collapse" aria-labelledby="heading84" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse83" aria-expanded="true" aria-controls="collapse83">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse83" class="collapse" aria-labelledby="heading83" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse86" aria-expanded="true" aria-controls="collapse86">
Requirement ASVS: Verify that risk based re-authentication, two factor or transaction signing is in place for high value transactions. <span>[2.26]</span></div>
<div id="collapse86" class="collapse" aria-labelledby="heading86" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse85" aria-expanded="true" aria-controls="collapse85">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse85" class="collapse" aria-labelledby="heading85" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse88" aria-expanded="true" aria-controls="collapse88">
Requirement ASVS: Verify that measures are in place to block the use of commonly chosen passwords and weak passphrases. <span>[2.27]</span></div>
<div id="collapse88" class="collapse" aria-labelledby="heading88" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse87" aria-expanded="true" aria-controls="collapse87">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse87" class="collapse" aria-labelledby="heading87" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse90" aria-expanded="true" aria-controls="collapse90">
Requirement ASVS: Verify that all authentication challenges, whether successful or failed, respond in the same average response time. <span>[2.28]</span></div>
<div id="collapse90" class="collapse" aria-labelledby="heading90" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse89" aria-expanded="true" aria-controls="collapse89">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse89" class="collapse" aria-labelledby="heading89" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse92" aria-expanded="true" aria-controls="collapse92">
Requirement ASVS: Verify that secrets, API keys, and passwords are not included in the source code, or online source code repositories. <span>[2.29]</span></div>
<div id="collapse92" class="collapse" aria-labelledby="heading92" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse91" aria-expanded="true" aria-controls="collapse91">
Requirement: Monitoring for Information Disclosure <span>[AU-13]</span></div>
<div id="collapse91" class="collapse" aria-labelledby="heading91" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse94" aria-expanded="true" aria-controls="collapse94">
Requirement ASVS: Verify that if an application allows users to authenticate, they can authenticate using two-factor authentication or other strong authentication, or any similar scheme that provides protection against username + password disclosure. <span>[2.31]</span></div>
<div id="collapse94" class="collapse" aria-labelledby="heading94" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse93" aria-expanded="true" aria-controls="collapse93">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse93" class="collapse" aria-labelledby="heading93" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse96" aria-expanded="true" aria-controls="collapse96">
Requirement ASVS: Verify that administrative interfaces are not accessible to untrusted parties. <span>[2.32]</span></div>
<div id="collapse96" class="collapse" aria-labelledby="heading96" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse95" aria-expanded="true" aria-controls="collapse95">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse95" class="collapse" aria-labelledby="heading95" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse98" aria-expanded="true" aria-controls="collapse98">
Requirement ASVS: Browser autocomplete, and integration with password managers are permitted unless prohibited by risk based policy. <span>[2.33]</span></div>
<div id="collapse98" class="collapse" aria-labelledby="heading98" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse97" aria-expanded="true" aria-controls="collapse97">
Requirement: Risk Assessment Policy and Procedures <span>[RA-1]</span></div>
<div id="collapse97" class="collapse" aria-labelledby="heading97" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse132" aria-expanded="true" aria-controls="collapse132">
Category: V3: Session Management Verification Requirements <span></span></div>
<div id="collapse132" class="collapse" aria-labelledby="heading132" data-parent="#standardGroup">
<div class="card-body border-success"><div class="accordion" id="standards">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse101" aria-expanded="true" aria-controls="collapse101">
Requirement ASVS: Verify that there is no custom session manager, or that the custom session manager is resistant against all common session management attacks. <span>[3.1]</span></div>
<div id="collapse101" class="collapse" aria-labelledby="heading101" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse100" aria-expanded="true" aria-controls="collapse100">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse100" class="collapse" aria-labelledby="heading100" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse103" aria-expanded="true" aria-controls="collapse103">
Requirement ASVS: Verify that there is no custom session manager, or that the custom session manager is resistant against all common session management attacks. <span>[3.1]</span></div>
<div id="collapse103" class="collapse" aria-labelledby="heading103" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse100" aria-expanded="true" aria-controls="collapse100">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse100" class="collapse" aria-labelledby="heading100" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse102" aria-expanded="true" aria-controls="collapse102">
Requirement: Session Termination <span>[AC-12]</span></div>
<div id="collapse102" class="collapse" aria-labelledby="heading102" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse107" aria-expanded="true" aria-controls="collapse107">
Requirement ASVS: Verify that sessions are invalidated when the user logs out. <span>[3.2]</span></div>
<div id="collapse107" class="collapse" aria-labelledby="heading107" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse104" aria-expanded="true" aria-controls="collapse104">
Requirement: Session Termination <span>[AC-12]</span></div>
<div id="collapse104" class="collapse" aria-labelledby="heading104" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse106" aria-expanded="true" aria-controls="collapse106">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse106" class="collapse" aria-labelledby="heading106" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse111" aria-expanded="true" aria-controls="collapse111">
Requirement ASVS: Verify that sessions timeout after a specified period of inactivity. <span>[3.3]</span></div>
<div id="collapse111" class="collapse" aria-labelledby="heading111" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse108" aria-expanded="true" aria-controls="collapse108">
Requirement: Session Termination <span>[AC-12]</span></div>
<div id="collapse108" class="collapse" aria-labelledby="heading108" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse110" aria-expanded="true" aria-controls="collapse110">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse110" class="collapse" aria-labelledby="heading110" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse115" aria-expanded="true" aria-controls="collapse115">
Requirement ASVS: Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout). <span>[3.4]</span></div>
<div id="collapse115" class="collapse" aria-labelledby="heading115" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse112" aria-expanded="true" aria-controls="collapse112">
Requirement: Session Termination <span>[AC-12]</span></div>
<div id="collapse112" class="collapse" aria-labelledby="heading112" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse114" aria-expanded="true" aria-controls="collapse114">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse114" class="collapse" aria-labelledby="heading114" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse117" aria-expanded="true" aria-controls="collapse117">
Requirement ASVS: Verify that all pages that require authentication have easy and visible access to logout functionality. <span>[3.5]</span></div>
<div id="collapse117" class="collapse" aria-labelledby="heading117" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse116" aria-expanded="true" aria-controls="collapse116">
Requirement: Identification and Authentication Policy and Procedures <span>[IA-1]</span></div>
<div id="collapse116" class="collapse" aria-labelledby="heading116" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse119" aria-expanded="true" aria-controls="collapse119">
Requirement ASVS: Verify that the session id is never disclosed in URLs, error messages, or logs. This includes verifying that the application does not support URL rewriting of session cookies. <span>[3.6]</span></div>
<div id="collapse119" class="collapse" aria-labelledby="heading119" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse118" aria-expanded="true" aria-controls="collapse118">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse118" class="collapse" aria-labelledby="heading118" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse121" aria-expanded="true" aria-controls="collapse121">
Requirement ASVS: Verify that all successful authentication and re-authentication generates a new session and session id. <span>[3.7]</span></div>
<div id="collapse121" class="collapse" aria-labelledby="heading121" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse120" aria-expanded="true" aria-controls="collapse120">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse120" class="collapse" aria-labelledby="heading120" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse123" aria-expanded="true" aria-controls="collapse123">
Requirement ASVS: Verify that only session ids generated by the application framework are recognized as active by the application. <span>[3.10]</span></div>
<div id="collapse123" class="collapse" aria-labelledby="heading123" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse122" aria-expanded="true" aria-controls="collapse122">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse122" class="collapse" aria-labelledby="heading122" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse127" aria-expanded="true" aria-controls="collapse127">
Requirement ASVS: Verify that an active session list is displayed in the account profile or similar of each user. The user should be able to terminate any active session. <span>[3.17]</span></div>
<div id="collapse127" class="collapse" aria-labelledby="heading127" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse124" aria-expanded="true" aria-controls="collapse124">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse124" class="collapse" aria-labelledby="heading124" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse126" aria-expanded="true" aria-controls="collapse126">
Requirement: Session Termination <span>[AC-12]</span></div>
<div id="collapse126" class="collapse" aria-labelledby="heading126" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse131" aria-expanded="true" aria-controls="collapse131">
Requirement ASVS: Verify the user is prompted with the option to terminate all other active sessions after a successful change password process. <span>[3.18]</span></div>
<div id="collapse131" class="collapse" aria-labelledby="heading131" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse128" aria-expanded="true" aria-controls="collapse128">
Requirement: Session Lock <span>[AC-11]</span></div>
<div id="collapse128" class="collapse" aria-labelledby="heading128" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse130" aria-expanded="true" aria-controls="collapse130">
Requirement: Session Termination <span>[AC-12]</span></div>
<div id="collapse130" class="collapse" aria-labelledby="heading130" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
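<div class="card border-success"><div class="card-body border-success">
<p>Added example, not part of the original mapping page or of the ASVS or NIST 800-53 text: a minimal server-side session store showing what the V3 requirements above look like when implemented. It invalidates the session on logout [3.2], enforces both an inactivity timeout [3.3] and an absolute timeout [3.4], issues a fresh session id on every successful authentication so a pre-set id can never become authenticated [3.7], recognises only ids it generated itself [3.10], lists a user's active sessions and lets the user end any of them [3.17], and offers to drop all other sessions after a password change [3.18]. The class and method names, the timeout values and the injectable clock are assumptions for illustration; the store is in-memory, so a real deployment would back it with shared persistent storage while keeping the same invariants.</p>

```python
# Added example, not code from the ASVS/NIST mapping page: an in-memory
# session store covering ASVS 3.2, 3.3, 3.4, 3.7, 3.10, 3.17 and 3.18.
# Names, timeout values and the injectable clock are assumptions.
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

IDLE_TIMEOUT = 15 * 60       # 3.3: seconds of inactivity before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600  # 3.4: hard lifetime, regardless of activity


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    client: str = ""         # e.g. user agent / IP, shown in the 3.17 session list


class SessionStore:
    def __init__(self, idle: float = IDLE_TIMEOUT, absolute: float = ABSOLUTE_TIMEOUT,
                 clock: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Session] = {}
        self.idle = idle
        self.absolute = absolute
        self.clock = clock

    def _expired(self, s: Session, now: float) -> bool:
        return now - s.last_seen > self.idle or now - s.created > self.absolute

    def authenticate(self, user: str, presented_sid: Optional[str], client: str = "") -> str:
        """3.7: a successful (re-)authentication never upgrades the id the client
        presented; that id is dropped and a new one issued, which defeats
        session fixation."""
        if presented_sid is not None:
            self._sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)   # 3.10: ids come only from the CSPRNG here
        now = self.clock()
        self._sessions[sid] = Session(user, now, now, client)
        return sid

    def lookup(self, sid: str) -> Optional[Session]:
        """Resolve a cookie value to a live session. Ids not issued by
        authenticate() are unknown to the store (3.10); expired sessions are
        deleted rather than flagged, so they cannot be revived (3.3/3.4)."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if self._expired(s, now):
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s

    def logout(self, sid: str) -> None:
        """3.2: invalidate server-side; clearing the cookie alone leaves the
        session usable by anyone who captured the id."""
        self._sessions.pop(sid, None)

    def active_sessions(self, user: str) -> List[str]:
        """3.17: the ids behind a user's 'active sessions' page (the UI would
        show each entry's client and created time alongside)."""
        now = self.clock()
        return sorted(sid for sid, s in self._sessions.items()
                      if s.user == user and not self._expired(s, now))

    def terminate(self, requester_sid: str, target_sid: str) -> bool:
        """3.17: a user may end any of their own sessions; a request naming
        another user's session is refused without revealing whether it exists."""
        me = self.lookup(requester_sid)
        target = self._sessions.get(target_sid)
        if me is None or target is None or target.user != me.user:
            return False
        del self._sessions[target_sid]
        return True

    def after_password_change(self, sid: str, terminate_others: bool) -> int:
        """3.18: once the password has been changed, the user is offered the
        option to drop every other session; returns how many were terminated."""
        me = self.lookup(sid)
        if me is None:
            raise PermissionError("not authenticated")
        if not terminate_others:
            return 0
        others = [o for o, s in self._sessions.items() if s.user == me.user and o != sid]
        for o in others:
            del self._sessions[o]
        return len(others)
```

<p>The check a tester runs for 3.7 is visible in the code: authenticate while presenting an attacker-chosen id and confirm the application neither honours that id afterwards nor reuses it. Deleting expired entries inside lookup() rather than marking them matters for 3.3 and 3.4: an "expired" flag that some code paths consult and others skip is the usual way a timed-out session stays usable.</p>
</div></div>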
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse179" aria-expanded="true" aria-controls="collapse179">
Category: V4: Access Control Verification Requirements <span></span></div>
<div id="collapse179" class="collapse" aria-labelledby="heading179" data-parent="#standardGroup">
<div class="card-body border-success"><div class="accordion" id="standards">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse138" aria-expanded="true" aria-controls="collapse138">
Requirement ASVS: Verify that the principle of least privilege exists - users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege. <span>[4.1]</span></div>
<div id="collapse138" class="collapse" aria-labelledby="heading138" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse133" aria-expanded="true" aria-controls="collapse133">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse133" class="collapse" aria-labelledby="heading133" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse135" aria-expanded="true" aria-controls="collapse135">
Requirement: Least Privilege <span>[AC-6]</span></div>
<div id="collapse135" class="collapse" aria-labelledby="heading135" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse137" aria-expanded="true" aria-controls="collapse137">
Requirement: Least Functionality <span>[CM-7]</span></div>
<div id="collapse137" class="collapse" aria-labelledby="heading137" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse142" aria-expanded="true" aria-controls="collapse142">
Requirement ASVS: Verify that access to sensitive records is protected, such that only authorized objects or data is accessible to each user (for example, protect against users tampering with a parameter to see or alter another user's account). <span>[4.4]</span></div>
<div id="collapse142" class="collapse" aria-labelledby="heading142" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse139" aria-expanded="true" aria-controls="collapse139">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse139" class="collapse" aria-labelledby="heading139" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse141" aria-expanded="true" aria-controls="collapse141">
Requirement: Least Privilege <span>[AC-6]</span></div>
<div id="collapse141" class="collapse" aria-labelledby="heading141" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse146" aria-expanded="true" aria-controls="collapse146">
Requirement ASVS: Verify that directory browsing is disabled unless deliberately desired. Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders. <span>[4.5]</span></div>
<div id="collapse146" class="collapse" aria-labelledby="heading146" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse143" aria-expanded="true" aria-controls="collapse143">
Requirement: Baseline Configuration <span>[CM-2]</span></div>
<div id="collapse143" class="collapse" aria-labelledby="heading143" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse145" aria-expanded="true" aria-controls="collapse145">
Requirement: Configuration Settings <span>[CM-6]</span></div>
<div id="collapse145" class="collapse" aria-labelledby="heading145" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse150" aria-expanded="true" aria-controls="collapse150">
Requirement ASVS: Verify that access controls fail securely. <span>[4.8]</span></div>
<div id="collapse150" class="collapse" aria-labelledby="heading150" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse147" aria-expanded="true" aria-controls="collapse147">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse147" class="collapse" aria-labelledby="heading147" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse149" aria-expanded="true" aria-controls="collapse149">
Requirement: Access Control Decisions <span>[AC-24]</span></div>
<div id="collapse149" class="collapse" aria-labelledby="heading149" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse154" aria-expanded="true" aria-controls="collapse154">
Requirement ASVS: Verify that the same access control rules implied by the presentation layer are enforced on the server side. <span>[4.9]</span></div>
<div id="collapse154" class="collapse" aria-labelledby="heading154" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse151" aria-expanded="true" aria-controls="collapse151">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse151" class="collapse" aria-labelledby="heading151" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse153" aria-expanded="true" aria-controls="collapse153">
Requirement: Access Control Decisions <span>[AC-24]</span></div>
<div id="collapse153" class="collapse" aria-labelledby="heading153" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
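<div class="card border-success"><div class="card-body border-success">
<p>Added example, not part of the original mapping page or of the ASVS or NIST 800-53 text: a deny-by-default authorization function and the server-side handler that calls it, covering the V4 requirements in this category. Function-level permissions come from a per-role table [4.1]; object-level access is checked against the record's owner and share list, so tampering with the id parameter yields the same 403 as a nonexistent record [4.4]; every path that is not an explicit allow, including unexpected exceptions and malformed input, is a denial [4.8]; the check runs on the server regardless of which controls the client rendered [4.9]; and roles and ownership are read from server-side state, so a "role" field injected into the request is never consulted [4.10]. The role table, the records and the request shape are constructed here for illustration.</p>

```python
# Added example, not code from the ASVS/NIST mapping page: a deny-by-default
# authorization check covering ASVS 4.1, 4.4, 4.8, 4.9 and 4.10. The record
# store, role table and request shape are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Record:
    id: int
    owner: str
    shared_with: FrozenSet[str] = frozenset()


class Forbidden(Exception):
    """Raised on every denial; the handler maps it to one generic 403."""


# 4.10: roles and ownership live in server-side state. Nothing the client
# sends (headers, hidden fields, a "role" in the JSON body) is consulted.
USER_ROLES: Dict[str, str] = {"alice": "user", "bob": "user", "carol": "admin"}
RECORDS: Dict[int, Record] = {
    1: Record(1, "alice"),
    2: Record(2, "bob", frozenset({"alice"})),   # bob shares record 2 with alice, read-only
    3: Record(3, "bob"),
}

# 4.1: function-level permissions per role. Anything not listed is denied.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "user":  frozenset({"record:read", "record:update"}),
    "admin": frozenset({"record:read", "record:update", "record:delete", "user:list"}),
}


def authorize(user: str, action: str, record_id: Optional[int]) -> Optional[Record]:
    """Return the record the user may act on (None for non-record actions) or
    raise Forbidden. Every path that is not an explicit allow ends in
    Forbidden, including unexpected exceptions (4.8: fail securely)."""
    try:
        role = USER_ROLES.get(user)
        if role is None or action not in ROLE_PERMISSIONS.get(role, frozenset()):
            raise Forbidden("function not permitted")
        if not action.startswith("record:"):
            return None
        if record_id is None:
            raise Forbidden("record id required")
        rec = RECORDS.get(record_id)
        # 4.4: object-level check. A missing record and someone else's record
        # get the same answer, so the id space cannot be enumerated.
        if rec is None:
            raise Forbidden("no access to record")
        if role != "admin":
            is_owner = rec.owner == user
            can_read = is_owner or user in rec.shared_with
            if action == "record:read" and not can_read:
                raise Forbidden("no access to record")
            if action != "record:read" and not is_owner:
                raise Forbidden("no access to record")
        return rec
    except Forbidden:
        raise
    except Exception as exc:          # 4.8: a failure inside the check is a denial
        raise Forbidden("authorization error") from exc


def handle_request(session_user: str, request: Dict[str, object]) -> Dict[str, object]:
    """Server-side entry point (4.9: enforced here, whatever the UI showed).
    session_user comes from the authenticated session; everything in request
    is attacker-controlled, including the record id (4.4) and any 'role'
    field a tampered client adds (4.10), which is simply never read."""
    try:
        action = str(request["action"])
        raw_id = request.get("id")
        record_id = None if raw_id is None else int(str(raw_id))
        rec = authorize(session_user, action, record_id)
    except (Forbidden, KeyError, ValueError, TypeError):
        return {"status": 403}        # generic denial, no detail for the caller
    return {"status": 200, "id": None if rec is None else rec.id}
```

<p>Returning the same generic 403 for "not yours" and "does not exist" is the caveat most often missed under 4.4: a distinguishable response lets an attacker enumerate valid ids even when access itself is correctly denied. The broad except clause in authorize() is what 4.8 asks for in practice; an exception that escapes an authorization check and is swallowed higher up is a frequent route to an accidental allow.</p>
</div></div>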
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse160" aria-expanded="true" aria-controls="collapse160">
Requirement ASVS: Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized. <span>[4.10]</span></div>
<div id="collapse160" class="collapse" aria-labelledby="heading160" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse155" aria-expanded="true" aria-controls="collapse155">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse155" class="collapse" aria-labelledby="heading155" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse157" aria-expanded="true" aria-controls="collapse157">
Requirement: Account Management <span>[AC-2]</span></div>
<div id="collapse157" class="collapse" aria-labelledby="heading157" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse159" aria-expanded="true" aria-controls="collapse159">
Requirement: Least Privilege <span>[AC-6]</span></div>
<div id="collapse159" class="collapse" aria-labelledby="heading159" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse162" aria-expanded="true" aria-controls="collapse162">
Requirement ASVS: Verify that there is a centralized mechanism (including libraries that call external authorization services) for protecting access to each type of protected resource. <span>[4.11]</span></div>
<div id="collapse162" class="collapse" aria-labelledby="heading162" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse161" aria-expanded="true" aria-controls="collapse161">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse161" class="collapse" aria-labelledby="heading161" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse164" aria-expanded="true" aria-controls="collapse164">
Requirement ASVS: Verify that there is a centralized mechanism (including libraries that call external authorization services) for protecting access to each type of protected resource. <span>[4.11]</span></div>
<div id="collapse164" class="collapse" aria-labelledby="heading164" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse161" aria-expanded="true" aria-controls="collapse161">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse161" class="collapse" aria-labelledby="heading161" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse163" aria-expanded="true" aria-controls="collapse163">
Requirement: Access Enforcement <span>[AC-3]</span></div>
<div id="collapse163" class="collapse" aria-labelledby="heading163" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse166" aria-expanded="true" aria-controls="collapse166">
Requirement ASVS: Verify that there is a centralized mechanism (including libraries that call external authorization services) for protecting access to each type of protected resource. <span>[4.11]</span></div>
<div id="collapse166" class="collapse" aria-labelledby="heading166" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse161" aria-expanded="true" aria-controls="collapse161">
Requirement: Access Control Policy and Procedures <span>[AC-1]</span></div>
<div id="collapse161" class="collapse" aria-labelledby="heading161" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse163" aria-expanded="true" aria-controls="collapse163">
Requirement: Access Enforcement <span>[AC-3]</span></div>
<div id="collapse163" class="collapse" aria-labelledby="heading163" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse165" aria-expanded="true" aria-controls="collapse165">
Requirement: Least Privilege <span>[AC-6]</span></div>
<div id="collapse165" class="collapse" aria-labelledby="heading165" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse168" aria-expanded="true" aria-controls="collapse168">
Requirement ASVS: Verify that all access control decisions can be logged and all failed decisions are logged. <span>[4.12]</span></div>
<div id="collapse168" class="collapse" aria-labelledby="heading168" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse167" aria-expanded="true" aria-controls="collapse167">
Requirement: Access Control Decisions <span>[AC-24]</span></div>
<div id="collapse167" class="collapse" aria-labelledby="heading167" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse170" aria-expanded="true" aria-controls="collapse170">
Requirement ASVS: Verify that all access control decisions can be logged and all failed decisions are logged. <span>[4.12]</span></div>
<div id="collapse170" class="collapse" aria-labelledby="heading170" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse167" aria-expanded="true" aria-controls="collapse167">
Requirement: Access Control Decisions <span>[AC-24]</span></div>
<div id="collapse167" class="collapse" aria-labelledby="heading167" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse169" aria-expanded="true" aria-controls="collapse169">
Requirement: Audit Events <span>[AU-2]</span></div>
<div id="collapse169" class="collapse" aria-labelledby="heading169" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse172" aria-expanded="true" aria-controls="collapse172">
Requirement ASVS: Verify that the application or framework uses strong random anti-CSRF tokens or has another transaction protection mechanism. <span>[4.13]</span></div>
<div id="collapse172" class="collapse" aria-labelledby="heading172" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse171" aria-expanded="true" aria-controls="collapse171">
Requirement: Configuration Settings <span>[CM-6]</span></div>
<div id="collapse171" class="collapse" aria-labelledby="heading171" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse174" aria-expanded="true" aria-controls="collapse174">
Requirement ASVS: Verify the system can protect against aggregate or continuous access of secured functions, resources, or data. For example, consider the use of a resource governor to limit the number of edits per hour or to prevent the entire database from being scraped by an individual user. <span>[4.14]</span></div>
<div id="collapse174" class="collapse" aria-labelledby="heading174" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse173" aria-expanded="true" aria-controls="collapse173">
Requirement: Data Mining Protection <span>[AC-23]</span></div>
<div id="collapse173" class="collapse" aria-labelledby="heading173" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse176" aria-expanded="true" aria-controls="collapse176">
Requirement ASVS: Verify the application has additional authorization (such as step up or adaptive authentication) for lower value systems, and / or segregation of duties for high value applications to enforce anti-fraud controls as per the risk of application and past fraud. <span>[4.15]</span></div>
<div id="collapse176" class="collapse" aria-labelledby="heading176" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse175" aria-expanded="true" aria-controls="collapse175">
Requirement: Adaptive Identification and Authentication <span>[IA-10]</span></div>
<div id="collapse175" class="collapse" aria-labelledby="heading175" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse178" aria-expanded="true" aria-controls="collapse178">
Requirement ASVS: Verify that the application correctly enforces context-sensitive authorisation so as to not allow unauthorised manipulation by means of parameter tampering. <span>[4.16]</span></div>
<div id="collapse178" class="collapse" aria-labelledby="heading178" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse177" aria-expanded="true" aria-controls="collapse177">
Requirement: Access Enforcement <span>[AC-3]</span></div>
<div id="collapse177" class="collapse" aria-labelledby="heading177" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse278" aria-expanded="true" aria-controls="collapse278">
Category: V5: Malicious input handling verification requirements <span></span></div>
<div id="collapse278" class="collapse" aria-labelledby="heading278" data-parent="#standardGroup">
<div class="card-body border-success"><div class="accordion" id="standards">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse181" aria-expanded="true" aria-controls="collapse181">
Requirement ASVS: Verify that the runtime environment is not susceptible to buffer overflows, or that security controls prevent buffer overflows. <span>[5.1]</span></div>
<div id="collapse181" class="collapse" aria-labelledby="heading181" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse180" aria-expanded="true" aria-controls="collapse180">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse180" class="collapse" aria-labelledby="heading180" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse183" aria-expanded="true" aria-controls="collapse183">
Requirement ASVS: Verify that server side input validation failures result in request rejection and are logged. <span>[5.3]</span></div>
<div id="collapse183" class="collapse" aria-labelledby="heading183" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse182" aria-expanded="true" aria-controls="collapse182">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse182" class="collapse" aria-labelledby="heading182" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse185" aria-expanded="true" aria-controls="collapse185">
Requirement ASVS: Verify that input validation routines are enforced on the server side. <span>[5.5]</span></div>
<div id="collapse185" class="collapse" aria-labelledby="heading185" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse184" aria-expanded="true" aria-controls="collapse184">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse184" class="collapse" aria-labelledby="heading184" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse187" aria-expanded="true" aria-controls="collapse187">
Requirement ASVS: Verify that a single input validation control is used by the application for each type of data that is accepted. <span>[5.6]</span></div>
<div id="collapse187" class="collapse" aria-labelledby="heading187" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse186" aria-expanded="true" aria-controls="collapse186">
Requirement: System and Information Integrity Policy and Procedures <span>[SI-1]</span></div>
<div id="collapse186" class="collapse" aria-labelledby="heading186" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse189" aria-expanded="true" aria-controls="collapse189">
Requirement ASVS: Verify that a single input validation control is used by the application for each type of data that is accepted. <span>[5.6]</span></div>
<div id="collapse189" class="collapse" aria-labelledby="heading189" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse186" aria-expanded="true" aria-controls="collapse186">
Requirement: System and Information Integrity Policy and Procedures <span>[SI-1]</span></div>
<div id="collapse186" class="collapse" aria-labelledby="heading186" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse188" aria-expanded="true" aria-controls="collapse188">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse188" class="collapse" aria-labelledby="heading188" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse191" aria-expanded="true" aria-controls="collapse191">
Requirement ASVS: Verify that all SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected by the use of prepared statements or query parameterization, and thus not susceptible to SQL injection. <span>[5.10]</span></div>
<div id="collapse191" class="collapse" aria-labelledby="heading191" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse190" aria-expanded="true" aria-controls="collapse190">
Requirement: System and Information Integrity Policy and Procedures <span>[SI-1]</span></div>
<div id="collapse190" class="collapse" aria-labelledby="heading190" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse193" aria-expanded="true" aria-controls="collapse193">
Requirement ASVS: Verify that all SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected by the use of prepared statements or query parameterization, and thus not susceptible to SQL injection. <span>[5.10]</span></div>
<div id="collapse193" class="collapse" aria-labelledby="heading193" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse190" aria-expanded="true" aria-controls="collapse190">
Requirement: System and Information Integrity Policy and Procedures <span>[SI-1]</span></div>
<div id="collapse190" class="collapse" aria-labelledby="heading190" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse192" aria-expanded="true" aria-controls="collapse192">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse192" class="collapse" aria-labelledby="heading192" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse195" aria-expanded="true" aria-controls="collapse195">
Requirement ASVS: Verify that all SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected by the use of prepared statements or query parameterization, and thus not susceptible to SQL injection. <span>[5.10]</span></div>
<div id="collapse195" class="collapse" aria-labelledby="heading195" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse190" aria-expanded="true" aria-controls="collapse190">
Requirement: System and Information Integrity Policy and Procedures <span>[SI-1]</span></div>
<div id="collapse190" class="collapse" aria-labelledby="heading190" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse192" aria-expanded="true" aria-controls="collapse192">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse192" class="collapse" aria-labelledby="heading192" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse194" aria-expanded="true" aria-controls="collapse194">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse194" class="collapse" aria-labelledby="heading194" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse197" aria-expanded="true" aria-controls="collapse197">
Requirement ASVS: Verify that the application is not susceptible to LDAP Injection, or that security controls prevent LDAP Injection. <span>[5.11]</span></div>
<div id="collapse197" class="collapse" aria-labelledby="heading197" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse196" aria-expanded="true" aria-controls="collapse196">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse196" class="collapse" aria-labelledby="heading196" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse199" aria-expanded="true" aria-controls="collapse199">
Requirement ASVS: Verify that the application is not susceptible to LDAP Injection, or that security controls prevent LDAP Injection. <span>[5.11]</span></div>
<div id="collapse199" class="collapse" aria-labelledby="heading199" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse196" aria-expanded="true" aria-controls="collapse196">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse196" class="collapse" aria-labelledby="heading196" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse198" aria-expanded="true" aria-controls="collapse198">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse198" class="collapse" aria-labelledby="heading198" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse201" aria-expanded="true" aria-controls="collapse201">
Requirement ASVS: Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection. <span>[5.12]</span></div>
<div id="collapse201" class="collapse" aria-labelledby="heading201" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse200" aria-expanded="true" aria-controls="collapse200">
Requirement: Malicious Code Protection <span>[SI-3]</span></div>
<div id="collapse200" class="collapse" aria-labelledby="heading200" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse203" aria-expanded="true" aria-controls="collapse203">
Requirement ASVS: Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection. <span>[5.12]</span></div>
<div id="collapse203" class="collapse" aria-labelledby="heading203" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse200" aria-expanded="true" aria-controls="collapse200">
Requirement: Malicious Code Protection <span>[SI-3]</span></div>
<div id="collapse200" class="collapse" aria-labelledby="heading200" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse202" aria-expanded="true" aria-controls="collapse202">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse202" class="collapse" aria-labelledby="heading202" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse205" aria-expanded="true" aria-controls="collapse205">
Requirement ASVS: Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection. <span>[5.12]</span></div>
<div id="collapse205" class="collapse" aria-labelledby="heading205" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse200" aria-expanded="true" aria-controls="collapse200">
Requirement: Malicious Code Protection <span>[SI-3]</span></div>
<div id="collapse200" class="collapse" aria-labelledby="heading200" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse202" aria-expanded="true" aria-controls="collapse202">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse202" class="collapse" aria-labelledby="heading202" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse204" aria-expanded="true" aria-controls="collapse204">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse204" class="collapse" aria-labelledby="heading204" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse207" aria-expanded="true" aria-controls="collapse207">
Requirement ASVS: Verify that the application is not susceptible to Remote File Inclusion (RFI) or Local File Inclusion (LFI) when content is used that is a path to a file. <span>[5.13]</span></div>
<div id="collapse207" class="collapse" aria-labelledby="heading207" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse206" aria-expanded="true" aria-controls="collapse206">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse206" class="collapse" aria-labelledby="heading206" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse209" aria-expanded="true" aria-controls="collapse209">
Requirement ASVS: Verify that the application is not susceptible to Remote File Inclusion (RFI) or Local File Inclusion (LFI) when content is used that is a path to a file. <span>[5.13]</span></div>
<div id="collapse209" class="collapse" aria-labelledby="heading209" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse206" aria-expanded="true" aria-controls="collapse206">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse206" class="collapse" aria-labelledby="heading206" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse208" aria-expanded="true" aria-controls="collapse208">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse208" class="collapse" aria-labelledby="heading208" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse211" aria-expanded="true" aria-controls="collapse211">
Requirement ASVS: Verify that the application is not susceptible to common XML attacks, such as XPath query tampering, XML External Entity attacks, and XML injection attacks. <span>[5.14]</span></div>
<div id="collapse211" class="collapse" aria-labelledby="heading211" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse210" aria-expanded="true" aria-controls="collapse210">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse210" class="collapse" aria-labelledby="heading210" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse213" aria-expanded="true" aria-controls="collapse213">
Requirement ASVS: Verify that the application is not susceptible to common XML attacks, such as XPath query tampering, XML External Entity attacks, and XML injection attacks. <span>[5.14]</span></div>
<div id="collapse213" class="collapse" aria-labelledby="heading213" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse210" aria-expanded="true" aria-controls="collapse210">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse210" class="collapse" aria-labelledby="heading210" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse212" aria-expanded="true" aria-controls="collapse212">
Requirement: Penetration Testing <span>[CA-8]</span></div>
<div id="collapse212" class="collapse" aria-labelledby="heading212" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse215" aria-expanded="true" aria-controls="collapse215">
Requirement ASVS: Ensure that all string variables placed into HTML or other web client code is either properly contextually encoded manually, or utilize templates that automatically encode contextually to ensure the application is not susceptible to reflected, stored and DOM Cross-Site Scripting (XSS) attacks. <span>[5.15]</span></div>
<div id="collapse215" class="collapse" aria-labelledby="heading215" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse214" aria-expanded="true" aria-controls="collapse214">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse214" class="collapse" aria-labelledby="heading214" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse217" aria-expanded="true" aria-controls="collapse217">
Requirement ASVS: Ensure that all string variables placed into HTML or other web client code is either properly contextually encoded manually, or utilize templates that automatically encode contextually to ensure the application is not susceptible to reflected, stored and DOM Cross-Site Scripting (XSS) attacks. <span>[5.15]</span></div>
<div id="collapse217" class="collapse" aria-labelledby="heading217" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse214" aria-expanded="true" aria-controls="collapse214">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse214" class="collapse" aria-labelledby="heading214" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse216" aria-expanded="true" aria-controls="collapse216">
Requirement: Non-Persistence <span>[SI-14]</span></div>
<div id="collapse216" class="collapse" aria-labelledby="heading216" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse219" aria-expanded="true" aria-controls="collapse219">
Requirement ASVS: Ensure that all string variables placed into HTML or other web client code is either properly contextually encoded manually, or utilize templates that automatically encode contextually to ensure the application is not susceptible to reflected, stored and DOM Cross-Site Scripting (XSS) attacks. <span>[5.15]</span></div>
<div id="collapse219" class="collapse" aria-labelledby="heading219" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse214" aria-expanded="true" aria-controls="collapse214">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse214" class="collapse" aria-labelledby="heading214" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse216" aria-expanded="true" aria-controls="collapse216">
Requirement: Non-Persistence <span>[SI-14]</span></div>
<div id="collapse216" class="collapse" aria-labelledby="heading216" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse218" aria-expanded="true" aria-controls="collapse218">
Requirement: Information Output Filtering <span>[SI-15]</span></div>
<div id="collapse218" class="collapse" aria-labelledby="heading218" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse221" aria-expanded="true" aria-controls="collapse221">
Requirement ASVS: Ensure that all string variables placed into HTML or other web client code is either properly contextually encoded manually, or utilize templates that automatically encode contextually to ensure the application is not susceptible to reflected, stored and DOM Cross-Site Scripting (XSS) attacks. <span>[5.15]</span></div>
<div id="collapse221" class="collapse" aria-labelledby="heading221" data-parent="#standards">
<div class="card-body border-success"><div class="accordion" id="controls">
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse214" aria-expanded="true" aria-controls="collapse214">
Requirement: Information Input Validation <span>[SI-10]</span></div>
<div id="collapse214" class="collapse" aria-labelledby="heading214" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle="collapse" data-target="#collapse216" aria-expanded="true" aria-controls="collapse216">
Requirement: Non-Persistence <span>[SI-14]</span></div>
<div id="collapse216" class="collapse" aria-labelledby="heading216" data-parent="#controls">
<div class="card-body border-success"></div>
</div>
</div>
<div class="card border-success"><div class="card-body border-successtext-success" type="button" data-toggle=