STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Web Administrators must only use encrypted connections for Document Root directory uploads.

DISA Rule

SV-33024r1_rule

Vulnerability Number

V-13686

Group Title

WG235

Rule Version

WG235 A22

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Use only secure encrypted logons and connections for uploading files to the web site.

Check Contents

Determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding.

Vulnerability Number

V-13686

Documentable

False

Rule Version

WG235 A22

Severity Override Guidance

Determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments