|
|
API Gateway |
SC-13: Cryptographic Protection |
|
|
API Gateway |
SC-6: Resource Availability |
|
|
API Gateway |
CM-7: Least Functionality |
|
|
API Gateway |
AU-2: Event Logging |
|
|
API Gateway |
AC-3: Access Enforcement |
|
|
API Gateway |
SI-10: Information Input Validation |
|
|
API Gateway |
SI-3: Malicious Code Protection |
|
|
API Gateway |
AC-4: Information Flow Enforcement |
| HTTPS (Internal token) |
|
API Gateway |
API endpoint |
| HTTPS (External token) |
|
API Gateway |
Token Service |
|
|
NORA-2: DMZ (Demilitarized Zone) |
API Gateway |
| HTTPS (External token) |
|
WAF |
API Gateway |