STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must be configurable to integrate with an organizations security infrastructure.

DISA Rule

SV-70225r2_rule

Vulnerability Number

V-55971

Group Title

SRG-APP-000358-WSR-000163

Rule Version

SRG-APP-000358-WSR-000163

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure the web server to send logged events to the organization's security infrastructure tool that offers review and alert capabilities.

Check Contents

Review the web server documentation and deployed configuration to determine whether the web server is logging security-relevant events.

Determine whether there is a security tool in place that allows review and alert capabilities and whether the web server is sending events to this system.

If the web server is not, this is a finding.

Vulnerability Number

V-55971

Documentable

False

Rule Version

SRG-APP-000358-WSR-000163

Severity Override Guidance

Review the web server documentation and deployed configuration to determine whether the web server is logging security-relevant events.

Determine whether there is a security tool in place that allows review and alert capabilities and whether the web server is sending events to this system.

If the web server is not, this is a finding.

Check Content Reference

M

Target Key

2557

Comments