STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The web server service password(s) must be entrusted to the SA or Web Manager.

DISA Rule

SV-33048r1_rule

Vulnerability Number

V-2232

Group Title

WG050

Rule Version

WG050 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the SA or Web Manager is entrusted with the web service(s) password.

Check Contents

The reviewer should make a note of the name of the account being used for the web service. There may also be other server services running related to the web server in support of a particular web application, these passwords must be entrusted to the SA or Web Manager as well.

Query the SA or Web Manager to determine if they have the web service password(s).

If the web services password(s) are not entrusted to the SA or Web Manager, this is a finding.

NOTE: For installations that use the LocalService or NetworkService accounts, the password is OS generated, so the SA or Web Manager having an Admin account on the system would meet the intent of this check.

Vulnerability Number

V-2232

Documentable

False

Rule Version

WG050 W22

Severity Override Guidance

The reviewer should make a note of the name of the account being used for the web service. There may also be other server services running related to the web server in support of a particular web application, these passwords must be entrusted to the SA or Web Manager as well.

Query the SA or Web Manager to determine if they have the web service password(s).

If the web services password(s) are not entrusted to the SA or Web Manager, this is a finding.

NOTE: For installations that use the LocalService or NetworkService accounts, the password is OS generated, so the SA or Web Manager having an Admin account on the system would meet the intent of this check.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments