STIGQter: STIG Summary: APACHE 2.2 Site for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Web Administrators must only use encrypted connections for Document Root directory uploads.

DISA Rule

SV-33131r1_rule

Vulnerability Number

V-13686

Group Title

WG235

Rule Version

WG235 W22

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Use only secure encrypted logons and connections for uploading files to the web site.

Check Contents

Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection.

If the remote users are uploading files without utilizing approved encryption methods, this is a finding.

Vulnerability Number

V-13686

Documentable

False

Rule Version

WG235 W22

Severity Override Guidance

Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection.

If the remote users are uploading files without utilizing approved encryption methods, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments