STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.

DISA Rule

SV-54272r3_rule

Vulnerability Number

V-41695

Group Title

SRG-APP-000141-WSR-000077

Rule Version

SRG-APP-000141-WSR-000077

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Use the web server uninstall facility or manually remove any documentation, sample code, example applications, and tutorials.

Check Contents

Review the web server documentation and deployment configuration to determine if the web server contains documentation, sample code, example applications, or tutorials.

Verify the web server install process also offers an option to exclude these elements from installation and provides an uninstall option for their removal.

If web server documentation, sample code, example applications, or tutorials are installed or the web server install process does not offer an option to exclude these elements from installation, this is a finding.

Vulnerability Number

V-41695

Documentable

False

Rule Version

SRG-APP-000141-WSR-000077

Severity Override Guidance

Review the web server documentation and deployment configuration to determine if the web server contains documentation, sample code, example applications, or tutorials.

Verify the web server install process also offers an option to exclude these elements from installation and provides an uninstall option for their removal.

If web server documentation, sample code, example applications, or tutorials are installed or the web server install process does not offer an option to exclude these elements from installation, this is a finding.

Check Content Reference

M

Target Key

2557

Comments