STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must employ cryptographic mechanisms (TLS/DTLS/SSL) preventing the unauthorized disclosure of information during transmission.

DISA Rule

SV-70255r2_rule

Vulnerability Number

V-56001

Group Title

SRG-APP-000439-WSR-000151

Rule Version

SRG-APP-000439-WSR-000151

Severity

CAT II

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Configure the web server to encrypt the transmission of data between the web server and external devices.

Check Contents

Review the web server documentation and deployed configuration to determine whether the transmission of data between the web server and external devices is encrypted.

If the web server does not encrypt the transmission, this is a finding.

Vulnerability Number

V-56001

Documentable

False

Rule Version

SRG-APP-000439-WSR-000151

Severity Override Guidance

Review the web server documentation and deployed configuration to determine whether the transmission of data between the web server and external devices is encrypted.

If the web server does not encrypt the transmission, this is a finding.

Check Content Reference

M

Target Key

2557

Comments