STIGQter STIGQter: STIG Summary: APACHE SITE 2.0 for Windows Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: A private web server must have a valid DoD server certificate.

DISA Rule

SV-33141r1_rule

Vulnerability Number

V-2263

Group Title

WG350

Rule Version

WG350 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the private web site to use a valid DoD certificate.

Check Contents

Open browser window and browse to the appropriate site. Before entry to the site, you should be presented with the server's DoD PKI credentials. Review these credentials for authenticity.

Find an entry which cites:

Issuer:
CN = DOD CLASS 3 CA-3
OU = PKI
OU = DoD
O = U.S. Government
C = US

If the server is running as a public web server, this finding should be Not Applicable.

NOTE: In some cases, the web servers are configured in an environment to support load balancing. This configuration most likely utilizes a content switch to control traffic to the various web servers. In this situation, the SSL certificate for the web sites may be installed on the content switch vs. the individual web sites. This solution is acceptable as long as the web servers are isolated from the general population LAN. Users should not have the ability to bypass the content switch to access the web sites.

Vulnerability Number

V-2263

Documentable

False

Rule Version

WG350 W22

Severity Override Guidance

Open browser window and browse to the appropriate site. Before entry to the site, you should be presented with the server's DoD PKI credentials. Review these credentials for authenticity.

Find an entry which cites:

Issuer:
CN = DOD CLASS 3 CA-3
OU = PKI
OU = DoD
O = U.S. Government
C = US

If the server is running as a public web server, this finding should be Not Applicable.

NOTE: In some cases, the web servers are configured in an environment to support load balancing. This configuration most likely utilizes a content switch to control traffic to the various web servers. In this situation, the SSL certificate for the web sites may be installed on the content switch vs. the individual web sites. This solution is acceptable as long as the web servers are isolated from the general population LAN. Users should not have the ability to bypass the content switch to access the web sites.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2100

Comments