STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

Non-privileged accounts on the hosting system must only access web server security-relevant information and functions through a distinct administrative account.

DISA Rule

SV-70201r2_rule

Vulnerability Number

V-55947

Group Title

SRG-APP-000340-WSR-000029

Rule Version

SRG-APP-000340-WSR-000029

Severity

CAT II

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Set up accounts and roles that can be used to perform web server security-relevant tasks and remove or modify non-privileged account access to security-relevant tasks.

Check Contents

Review the web server documentation and configuration to determine if accounts used for administrative duties of the web server are separated from non-privileged accounts.

If non-privileged accounts can access web server security-relevant information, this is a finding.

Vulnerability Number

V-55947

Documentable

False

Rule Version

SRG-APP-000340-WSR-000029

Severity Override Guidance

Review the web server documentation and configuration to determine if accounts used for administrative duties of the web server are separated from non-privileged accounts.

If non-privileged accounts can access web server security-relevant information, this is a finding.

Check Content Reference

M

Target Key

2557

Comments