STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:SV-33048r1_rule
V-2232
WG050
WG050 W22
CAT II
10
Ensure the SA or Web Manager is entrusted with the web service(s) password.
The reviewer should make a note of the name of the account being used for the web service. There may also be other server services running related to the web server in support of a particular web application, these passwords must be entrusted to the SA or Web Manager as well.
Query the SA or Web Manager to determine if they have the web service password(s).
If the web services password(s) are not entrusted to the SA or Web Manager, this is a finding.
NOTE: For installations that use the LocalService or NetworkService accounts, the password is OS generated, so the SA or Web Manager having an Admin account on the system would meet the intent of this check.
V-2232
False
WG050 W22
The reviewer should make a note of the name of the account being used for the web service. There may also be other server services running related to the web server in support of a particular web application, these passwords must be entrusted to the SA or Web Manager as well.
Query the SA or Web Manager to determine if they have the web service password(s).
If the web services password(s) are not entrusted to the SA or Web Manager, this is a finding.
NOTE: For installations that use the LocalService or NetworkService accounts, the password is OS generated, so the SA or Web Manager having an Admin account on the system would meet the intent of this check.
M
Web Administrator
158