Blackboard should digitally sign installation files, including B2 war files, using a non-self-signed certificate.
Verifying the authenticity of the software prior to installation validates the integrity of the software received from a vendor. This ensures the software has not been tampered with and that it has been provided by a trusted vendor.
At a minimum, Blackboard should provide cryptographically secure file hash values for installation files and B2 war files using SHA256 or stronger algorithms.
(Reference DoD Application Server Security Requirements Guide::VulnID: V-57495)
|Product Version (if applicable):||0|