STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:SV-36489r4_rule
V-2235
WG060
WG060 W22
CAT II
10
Ensure that the service account IDs used to run the web server and sites are documented and have their passwords changed at least annually.
Interview the ISSO and confirm with the SA, the Web Manager, or the individual in an equivalent role. Ask for the web server’s documented procedures and processes.
Verify the documented procedures and processes identify web server related service accounts, which services are related to web server operations and include a policy requiring service account passwords to be change at least annually.
If the documented procedures and processes do not identify web server related service accounts, which services are related to web server operations and include a policy requiring service account passwords to be change at least annually, this is a finding.
V-2235
False
WG060 W22
Interview the ISSO and confirm with the SA, the Web Manager, or the individual in an equivalent role. Ask for the web server’s documented procedures and processes.
Verify the documented procedures and processes identify web server related service accounts, which services are related to web server operations and include a policy requiring service account passwords to be change at least annually.
If the documented procedures and processes do not identify web server related service accounts, which services are related to web server operations and include a policy requiring service account passwords to be change at least annually, this is a finding.
M
Web Administrator
158