STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

Web server accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.

DISA Rule

SV-54273r3_rule

Vulnerability Number

V-41696

Group Title

SRG-APP-000141-WSR-000078

Rule Version

SRG-APP-000141-WSR-000078

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Use the web server uninstall facility or manually remove the user accounts not used by the installed web server features.

Check Contents

Review the web server documentation to determine the user accounts created when particular features are installed.

Verify the deployed configuration to determine which features are installed with the web server.

If any accounts exist that are not used by the installed features, this is a finding.

Vulnerability Number

V-41696

Documentable

False

Rule Version

SRG-APP-000141-WSR-000078

Severity Override Guidance

Review the web server documentation to determine the user accounts created when particular features are installed.

Verify the deployed configuration to determine which features are installed with the web server.

If any accounts exist that are not used by the installed features, this is a finding.

Check Content Reference

M

Target Key

2557

Comments