STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

Only authenticated system administrators or the designated PKI Sponsor for the application server must have access to the web servers private key.

DISA Rule

SV-204755r508029_rule

Vulnerability Number

V-204755

Group Title

SRG-APP-000176

Rule Version

SRG-APP-000176-AS-000125

Severity

CAT II

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.

Weight

10

Fix Recommendation

Configure the application server to enforce authorized access to the corresponding private key.

Check Contents

Review application server configuration and documentation to ensure the application server enforces authorized access to the corresponding private key.

If the application server is not configured to enforce authorized access to the corresponding private key, this is a finding.

Vulnerability Number

V-204755

Documentable

False

Rule Version

SRG-APP-000176-AS-000125

Severity Override Guidance

Review application server configuration and documentation to ensure the application server enforces authorized access to the corresponding private key.

If the application server is not configured to enforce authorized access to the corresponding private key, this is a finding.

Check Content Reference

M

Target Key

2900

Comments