
Requirements

CUIT Implementation - Requirements

  • Provide a listing of all domain names used to access the application; ensure all domains are owned by Columbia

  • Provide a listing of any alternate DNS record types for application domains (MX, TXT, etc.)

  • Provide list of all non-web ports served off the domain name

  • Ensure minimum encryption protocol of TLS 1.2

  • Ensure all application transactions complete within 300 seconds (application timeout)

  • Ensure application has a valid certificate and includes any vanity domain names as the Common Name or SAN

  • Ensure client supports Server Name Indication (SNI)

  • Contact information for the group responsible for maintaining the application
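
A pre-onboarding self-check for the TLS 1.2, certificate name and SNI items above, as an added example that is not CUIT's own tooling. The function names, the `example.edu`/`example.org` domains and the sample certificate are constructed for illustration; `fetch_cert` needs network access and is defined but not called here.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=10):
    """Connect with SNI, refusing anything below TLS 1.2; return (protocol, cert)."""
    ctx = ssl.create_default_context()            # validates chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # handshake fails on TLS 1.0/1.1
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname is what puts the SNI extension in the ClientHello
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()

def cert_names(cert):
    """DNS names from the SAN plus the subject Common Name, lowercased."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    return names

def covers(pattern, domain):
    """Exact match, or one left-most wildcard label such as *.dept.example.edu."""
    p = pattern.lower().split(".")
    d = domain.lower().rstrip(".").split(".")
    if len(p) != len(d):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == d[1:]
    return p == d

def uncovered_domains(cert, domains):
    """Vanity domains that appear in neither the CN nor the SAN of the certificate."""
    names = cert_names(cert)
    return [d for d in domains if not any(covers(n, d) for n in names)]

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns
SAMPLE_CERT = {
    "subject": ((("commonName", "app.example.edu"),),),
    "subjectAltName": (("DNS", "app.example.edu"), ("DNS", "*.dept.example.edu")),
}
# Constructed list of domains used to reach the application
VANITY_DOMAINS = ["app.example.edu", "portal.dept.example.edu",
                  "myapp.example.org", "a.b.dept.example.edu"]

if __name__ == "__main__":
    print("missing from certificate:", uncovered_domains(SAMPLE_CERT, VANITY_DOMAINS))
```

Against a live host, pass the dictionary returned by `fetch_cert` to `uncovered_domains` along with the full domain listing from the first requirement.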

 

CUIT Implementation - API Requirements for Allowlisting Legitimate Automated Traffic

  • hostname/domain where endpoint resides

  • path of endpoint

  • source IP connecting to endpoint

  • user agent of valid traffic

  • referer

  • request method

  • query strings

  • x-forwarded-for value

  • or other unique header values for the application

Programming the information above into the WAF lets it block automated traffic from malicious sources while allowlisting your legitimate automated requests.

 

*PLEASE NOTE: All sites protected by Cloudflare are subject to periodic application security scanning by CUIT.

 
