Tanzu Application Service (TAS for VMs) is compliant with this control. TAS for VMs supports the use of TLS for all externally accessible entry points. OAuth 2 tokens are used for maintenance of Cloud Controller API sessions, and also to implement SSO to application instances.
Internal to the deployment, TAS for VMs uses both TLS and IPsec. For communications protected via IPsec, the IKEv2 protocol provides SA establishment. Authentication of IPsec peers is via X.509 certificates.
Direct operator access to a TAS for VMs VM host or application container is protected with the SSH protocol. SSH client authentication is implemented via a public/private key pair.
The information system protects the authenticity of communications sessions.
This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.