STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Private web servers must require certificates issued from a DoD-authorized Certificate Authority.

DISA Rule

SV-33019r1_rule

Vulnerability Number

V-6531

Group Title

WG140

Rule Version

WG140 A22

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Edit the httpd.conf file and set the value of SSLVerifyClient to "require".

Check Contents

To view the SSLVerifyClient value enter the following command:

grep "SSLVerifyClient" /usr/local/apache2/conf/httpd.conf.

If the value of SSLVerifyClient is not set to “require”, this is a finding.

Vulnerability Number

V-6531

Documentable

False

Rule Version

WG140 A22

Severity Override Guidance

Check Content Reference

Responsibility

Web Administrator

Target Key

161

Private web servers must require certificates issued from a DoD-authorized Certificate Authority.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments