STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

All accounts installed with the web server software and tools must have passwords assigned and default passwords changed.

DISA Rule

SV-70241r2_rule

Vulnerability Number

V-55987

Group Title

SRG-APP-000516-WSR-000079

Rule Version

SRG-APP-000516-WSR-000079

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Set passwords for non-service/system accounts containing no passwords and change the passwords for accounts which still have default passwords.

Check Contents

Review the web server documentation and deployment configuration to determine what non-service/system accounts were installed by the web server installation process.

Verify the passwords for these accounts have been set and/or changed from the default passwords.

If these accounts still have no password or default passwords, this is a finding.

Vulnerability Number

V-55987

Documentable

False

Rule Version

SRG-APP-000516-WSR-000079

Severity Override Guidance

Review the web server documentation and deployment configuration to determine what non-service/system accounts were installed by the web server installation process.

Verify the passwords for these accounts have been set and/or changed from the default passwords.

If these accounts still have no password or default passwords, this is a finding.

Check Content Reference

M

Target Key

2557

Comments