Security Enhancements

This section lists enhancements introduced to support Cisco Product Security Requirements and the Product Security Baseline (PSB). For more information about Cisco Product Security Requirements, refer to: https://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle/sdl-process.html

PSB Requirements for GUI

Feature Summary and Revision History

Table 1. Summary Data

Applicable Product(s) or Functional Area | CPS
Applicable Platform(s) | Not Applicable
Default Setting | Enabled - Always-on
Related Changes in This Release | Not Applicable
Related Documentation | Not Applicable

Table 2. Revision History

Revision Details | Release
First introduced | 19.4.0

SEC-WEB-CLCKJACK-2: Prevent Click-Jacking

CPS web applications, Policy Builder, Control Center, and Central are now protected against click-jacking (SEC-WEB-CLCKJACK-2: Prevent Click-Jacking) attacks to prevent coerced user actions.

Click-jacking is a type of attack in which the attacker tricks a user into clicking a button or link that is not visible to them, either redirecting them to an attacker-controlled website or performing an action that the victim is not aware of. In effect, the attacker hijacks the victim's click.


Note

If the Policy Builder, Control Center, and Central applications are embedded in an iframe, these applications fail to load and display the following message:
Blocked by Content Security Policy
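
A check that can be run over captured response headers to confirm that a page refuses to be framed. This is an added example, not Cisco code. It assumes the protection is delivered through the CSP frame-ancestors directive or the X-Frame-Options header, which this section does not state, and the sample headers are constructed.

```python
# Added example (not Cisco code): classify a response's anti-framing policy.
# Assumption: protection arrives as CSP frame-ancestors and/or X-Frame-Options,
# with a single policy per Content-Security-Policy header value.

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_policy(headers):
    """Return 'deny', 'same-origin', 'restricted', 'weak' or 'unprotected'."""
    h = {name.lower(): value for name, value in headers.items()}
    # Only the enforcing header counts; ...-Report-Only never blocks a frame.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Per the CSP specification, frame-ancestors takes precedence over X-Frame-Options.
        if sources == ["'none'"]:
            return "deny"
        if sources == ["'self'"]:
            return "same-origin"
        if any(s in ("*", "http:", "https:") or s.endswith("://*") for s in sources):
            return "weak"          # any site (or any site on a scheme) may frame
        return "restricted"        # framing limited to the listed origins
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return "deny" if xfo == "deny" else "same-origin"
    return "unprotected"           # includes obsolete ALLOW-FROM, ignored by current browsers

# Constructed sample responses (not captured from a CPS system).
SAMPLES = {
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "xfo-only": {"X-Frame-Options": "SAMEORIGIN"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "wildcard": {"Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:12} {framing_policy(hdrs)}")
```

A result of "deny" or "same-origin" is consistent with the iframe behavior described in the note; "weak" or "unprotected" means the page can still be embedded by another site.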