STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

A web server that is part of a web server cluster must route all remote management through a centrally managed access control point.

DISA Rule

SV-70211r2_rule

Vulnerability Number

V-55957

Group Title

SRG-APP-000356-WSR-000007

Rule Version

SRG-APP-000356-WSR-000007

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Configure the web server to be centrally managed.

Check Contents

Review the web server documentation and configuration to determine if the web server is part of a cluster.

If the web server is not part of a cluster, then this is NA.

If the web server is part of a cluster and is not centrally managed, then this is a finding.

Vulnerability Number

V-55957

Documentable

False

Rule Version

SRG-APP-000356-WSR-000007

Severity Override Guidance

Review the web server documentation and configuration to determine if the web server is part of a cluster.

If the web server is not part of a cluster, then this is NA.

If the web server is part of a cluster and is not centrally managed, then this is a finding.

Check Content Reference

M

Target Key

2557

Comments