Note: Requirements 6.5.7 through 6.5.10, below, apply to web applications and application interfaces (internal or external):
Web applications, both internally and externally (public) facing, have unique security risks based upon their architecture as well as the relative ease and occurrence of compromise.