STIGQter: STIG Summary: VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

Lighttpd must only contain components that are operationally necessary.

DISA Rule

SV-99909r1_rule

Vulnerability Number

V-89259

Group Title

SRG-APP-000141-WSR-000077

Rule Version

VRAU-LI-000170

Severity

CAT I

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Delete or remove any documentation, sample code, example applications, tutorials and any components that are not operationally necessary.

Check Contents

Obtain supporting documentation from the ISSO.

Determine if web server documentation, sample code, example applications, or tutorials has been deleted or removed and only contains components that are operationally necessary.

If web server documentation, sample code, example applications, or tutorials has not been deleted or removed and contains components that are not operationally necessary, this is a finding.

Vulnerability Number

V-89259

Documentable

False

Rule Version

VRAU-LI-000170

Severity Override Guidance

Obtain supporting documentation from the ISSO.

Determine if web server documentation, sample code, example applications, or tutorials has been deleted or removed and only contains components that are operationally necessary.

If web server documentation, sample code, example applications, or tutorials has not been deleted or removed and contains components that are not operationally necessary, this is a finding.

Check Content Reference

M

Target Key

3457

Comments