STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

DISA Rule

SV-54323r3_rule

Vulnerability Number

V-41746

Group Title

SRG-APP-000179-WSR-000111

Rule Version

SRG-APP-000179-WSR-000111

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

Configure the web server to utilize FIPS 140-2 approved encryption modules when authenticating users and processes.

Check Contents

Review web server documentation and deployed configuration to determine whether the encryption modules utilized for authentication are FIPS 140-2 compliant. Reference the following NIST site to identify validated encryption modules: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

If the encryption modules used for authentication are not FIPS 140-2 validated, this is a finding.

Vulnerability Number

V-41746

Documentable

False

Rule Version

SRG-APP-000179-WSR-000111

Severity Override Guidance

Review web server documentation and deployed configuration to determine whether the encryption modules utilized for authentication are FIPS 140-2 compliant. Reference the following NIST site to identify validated encryption modules: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

If the encryption modules used for authentication are not FIPS 140-2 validated, this is a finding.

Check Content Reference

M

Target Key

2557

Comments