5.0/en/0x22-V13-Config.md
Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ Note that the "Secure Communication" chapter provides guidance for encryption in
|**13.2.1**| Verify that communications between backend application components that don't support the application's standard user session mechanism, including APIs, middleware, and data layers, are authenticated. Authentication must use individual service accounts, short-term tokens, or certificate-based authentication and not unchanging credentials such as passwords, API keys, or shared accounts with privileged access. | 2 | v5.0.be-14.7.1 |
|**13.2.2**| Verify that communications between backend application components, including local or operating system services, APIs, middleware, and data layers, are performed with accounts assigned the least necessary privileges. | 2 | v5.0.be-14.7.5 |
|**13.2.3**| Verify that if a credential has to be used for service authentication, the credential being used by the consumer is not a default credential (e.g., root/root or admin/admin). | 2 | v5.0.be-14.7.2 |
-
|**13.2.4**| Verify that, if the application allows changing configurations around credentials or connection parameters for integrations with databases and services, they are protected by extra controls such as authenticating again with at least one factor or multi-user approval. | 2 | v5.0.be-14.7.3 |
+
|**13.2.4**| Verify that an allowlist is used to define the external resources or systems with which the application is permitted to communicate (e.g., for outbound requests, data loads, or file access). This allowlist can be implemented at the application layer, web server, firewall, or a combination of different layers. | 2 | v5.0.be-14.7.3 |
|**13.2.5**| Verify that the web or application server is configured with an allowlist of resources or systems to which the server can send requests or load data or files from. | 2 | v5.0.be-14.7.4 |
|**13.2.6**| Verify that where the application connects to separate services, it follows the documented configuration for each connection, such as maximum parallel connections, behavior when maximum allowed connections is reached, connection timeouts, and retry strategies. | 3 | v5.0.be-14.7.6 |
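Review bot: the new 13.2.4 overlaps almost entirely with the unchanged 13.2.5 two rows below. Both require an allowlist of the resources or systems the application or server may send requests to or load data and files from, and the new wording ("application layer, web server, firewall, or a combination") already covers the web/application-server layer that 13.2.5 is specific to, so assessors would verify the same control twice at the same level. Either fold 13.2.5 into the new 13.2.4 or reword 13.2.5 so the two requirements are clearly distinct. Two smaller points on the same hunk: the removed 13.2.4 (extra controls such as re-authentication or multi-user approval when credential or connection configuration is changed) disappears from this chapter with nothing in the diff indicating where it moved, so confirm it has been relocated rather than dropped; and the mapping identifier v5.0.be-14.7.3 is retained on a requirement with entirely different content, which will mislead anyone tracing requirements by that ID, so a fresh identifier would be safer.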