STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019

A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.

DISA Rule

SV-70265r2_rule

Vulnerability Number

V-56011

Group Title

SRG-APP-000439-WSR-000156

Rule Version

SRG-APP-000439-WSR-000156

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the web server to use an approved TLS version according to NIST SP 800-52 and to disable all non-approved versions.

Check Contents

Review the web server documentation and deployed configuration to determine which version of TLS is being used.

If the TLS version is not an approved version according to NIST SP 800-52 or non-FIPS-approved algorithms are enabled, this is a finding.

Documentable

False

Severity Override Guidance

Review the web server documentation and deployed configuration to determine which version of TLS is being used.

If the TLS version is not an approved version according to NIST SP 800-52 or non-FIPS-approved algorithms are enabled, this is a finding.

Check Content Reference

M

Target Key

2557