STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.

DISA Rule

SV-33012r2_rule

Vulnerability Number

V-2242

Group Title

WA060

Rule Version

WA060 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Logically relocate the public web server to be isolated from internal systems. In addition, ensure the public web server does not have trusted connections with assets outside the confines of the demilitarized zone (DMZ) other than application and/or database servers that are a part of the same system as the web server.

Check Contents

Interview the SA or web administrator to see where the public web server is logically located in the data center. Review the site’s network diagram to see how the web server is connected to the LAN. Visually check the web server hardware connections to see if it conforms to the site’s network diagram. An improperly located public web server is a potential threat to the entire network. If the web server is not isolated in an accredited DoD DMZ Extension, this is a finding.

Vulnerability Number

V-2242

Documentable

False

Rule Version

WA060 W22

Severity Override Guidance

Interview the SA or web administrator to see where the public web server is logically located in the data center. Review the site’s network diagram to see how the web server is connected to the LAN. Visually check the web server hardware connections to see if it conforms to the site’s network diagram. An improperly located public web server is a potential threat to the entire network. If the web server is not isolated in an accredited DoD DMZ Extension, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

158

Comments