STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

A web server installation must be segregated from other services.

DISA Rule

SV-33070r1_rule

Vulnerability Number

V-6577

Group Title

WG204

Rule Version

WG204 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Move or install additional services and applications to partitions that are not the operating system root, web server root, or web document root.

Check Contents

Request a copy of and review the web server’s installation and configuration plan. Ensure that the server is in compliance with this plan. If the server is not in compliance with the plan, this is a finding.

Query the SA to ascertain if and where the additional services are installed.

Confirm that the additional service or application is not installed on the same partition as the operating systems root, web server root, or web document root. If it is, this is a finding.

Vulnerability Number

V-6577

Documentable

False

Rule Version

WG204 W22

Severity Override Guidance

Request a copy of and review the web server’s installation and configuration plan. Ensure that the server is in compliance with this plan. If the server is not in compliance with the plan, this is a finding.

Query the SA to ascertain if and where the additional services are installed.

Confirm that the additional service or application is not installed on the same partition as the operating systems root, web server root, or web document root. If it is, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

158

Comments