STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jul 2020

An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.

DISA Rule

SV-102677r1_rule

Vulnerability Number

V-92589

Group Title

SRG-APP-000014-WSR-000006

Rule Version

AS24-W2-000890

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Ensure the "SSLProtocol" directive is added to the <'INSTALLED PATH'>\conf\httpd.conf file and looks like the following:

SSLProtocol -ALL +TLSv1.2

Ensure the "SSLEngine" parameter is set to "ON" inside the "VirtualHost" directive.

Check Contents

In a command line, navigate to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules.

If the module "mod_ssl" is not enabled, this is a finding.

Review the <'INSTALLED PATH'>\conf\httpd.conf file to determine if the "SSLProtocol" directive exists and looks like the following:

SSLProtocol -ALL +TLSv1.2

If the directive does not exist and does not contain "-ALL +TLSv1.2", this is a finding.
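The check above can be scripted against the text of httpd.conf and the output of "httpd -M". The following Python sketch is an added example, not part of the STIG or of STIGQter; the function name `audit` and the sample inputs are constructed for illustration. It assumes that a missing directive and a non-matching directive each count as a finding, takes the "SSLEngine" test from the Fix Recommendation, and reads only the text passed in (it does not follow Include files).

```python
import re

REQUIRED = ["-all", "+tlsv1.2"]  # "SSLProtocol -ALL +TLSv1.2", compared case-insensitively

def audit(conf_text, modules_output):
    """Return a list of finding strings; an empty list means no finding."""
    findings = []
    # "httpd -M" lists mod_ssl under its module identifier, ssl_module.
    if not re.search(r"^\s*ssl_module\b", modules_output, re.M):
        findings.append("mod_ssl is not enabled")
    protocols = []      # (line number, argument tokens) for every SSLProtocol
    vhost = None        # [opening line number, is SSLEngine on?]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue    # commented-out directives do not count
        low = line.lower()
        if low.startswith("<virtualhost"):
            vhost = [no, False]
        elif low.startswith("</virtualhost"):
            if vhost and not vhost[1]:
                findings.append(f"line {vhost[0]}: VirtualHost without SSLEngine on")
            vhost = None
        else:
            name, *args = low.split()
            if name == "sslprotocol":
                protocols.append((no, args))
            elif name == "sslengine" and vhost:
                vhost[1] = args == ["on"]   # the last SSLEngine in the block wins
    if not protocols:
        findings.append("SSLProtocol directive does not exist")
    for no, args in protocols:
        if args != REQUIRED:
            findings.append(f"line {no}: SSLProtocol {' '.join(args)} is not -ALL +TLSv1.2")
    return findings

# Constructed samples, not taken from a real server.
MODULES = " core_module (static)\n ssl_module (shared)\n"
GOOD = "SSLProtocol -ALL +TLSv1.2\n<VirtualHost *:443>\n  SSLEngine On\n</VirtualHost>\n"
WEAK = """\
#SSLProtocol -ALL +TLSv1.2
SSLProtocol all -SSLv3
<VirtualHost *:443>
    ServerName www.example.test
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(WEAK, MODULES))
```

The commented-out line in the WEAK sample shows why a plain text search for "-ALL +TLSv1.2" is not enough: the string is present in the file, but the active directive is a different one.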

Documentable

False

Severity Override Guidance

In a command line, navigate to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules.

If the module "mod_ssl" is not enabled, this is a finding.

Review the <'INSTALLED PATH'>\conf\httpd.conf file to determine if the "SSLProtocol" directive exists and looks like the following:

SSLProtocol -ALL +TLSv1.2

If the directive does not exist and does not contain "-ALL +TLSv1.2", this is a finding.

Check Content Reference

M

Target Key

3419
