STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided.

DISA Rule

SV-53037r3_rule

Vulnerability Number

V-40800

Group Title

SRG-APP-000014-WSR-000006

Rule Version

SRG-APP-000014-WSR-000006

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Configure the web server to use encryption strength equal to the categorization of data hosted when remote connections are provided.

Check Contents

Review the web server documentation and configuration to determine the communication methods that are being used.

Verify the encryption being used is in accordance with the categorization of data being hosted when remote connections are provided.

If it is not, then this is a finding.

Vulnerability Number

V-40800

Documentable

False

Rule Version

SRG-APP-000014-WSR-000006

Severity Override Guidance

Review the web server documentation and configuration to determine the communication methods that are being used.

Verify the encryption being used is in accordance with the categorization of data being hosted when remote connections are provided.

If it is not, then this is a finding.

Check Content Reference

M

Target Key

2557

Comments