Configure Application Programming Interfaces in accordance with organizational standards.
CONTROL ID 12170
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure Application Programming Interfaces to enforce authentication., CC ID: 12172
Configure Application Programming Interfaces to employ strong cryptography., CC ID: 12171
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Application programming interfaces (APIs) enable various software applications to communicate and interact with each other and exchange data. Open APIs are publicly available APIs that provide developers with programmatic access to a software application or web service. FIs may collaborate with FinT… (§ 6.4.1, Technology Risk Management Guidelines, January 2021)
Security standards for designing and developing secure APIs should be established. The standards should include the measures to protect the API keys or access tokens, which are used to authorise access to APIs to exchange confidential data. A reasonable timeframe should be defined and enforced for a… (§ 6.4.4, Technology Risk Management Guidelines, January 2021)
Security controls for the use of application programming interfaces (API). (V Action Summary ¶ 2 Bullet 8, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
Implements API security tools and gateways with controls for requests and responses. (App A Objective 13:6i Bullet 3, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
