|
|
WAF |
AC-4(25): Information Flow Enforcement | Data Sanitization |
|
|
WAF |
SC-5: Denial-of-service Protection |
|
|
WAF |
AC-12: Session Termination |
|
|
WAF |
SI-3: Malicious Code Protection |
|
|
WAF |
CM-7: Least Functionality |
|
|
WAF |
SC-13: Cryptographic Protection |
|
|
WAF |
AU-2: Event Logging |
| HTTPS (External token) |
|
WAF |
API Gateway |
|
|
NORA-2: DMZ (Demilitarized Zone) |
WAF |
| HTTPS (External token) |
|
Client application |
WAF |