STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must encrypt user identifiers and passwords.

DISA Rule

SV-70285r2_rule

Vulnerability Number

V-56031

Group Title

SRG-APP-000429-WSR-000113

Rule Version

SRG-APP-000429-WSR-000113

Severity

CAT II

CCI(s)

• CCI-002476 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined information system components.

Weight

10

Fix Recommendation

Configure the web server to encrypt the user identifiers and passwords when storing them on digital media.

Check Contents

Review the web server documentation and deployed configuration to determine whether the web server is authorizing and managing users.

If the web server is not authorizing and managing users, this is NA.

If the web server is the user authenticator and manager, verify that stored user identifiers and passwords are being encrypted by the web server. If the user information is not being encrypted when stored, this is a finding.

Vulnerability Number

V-56031

Documentable

False

Rule Version

SRG-APP-000429-WSR-000113

Severity Override Guidance

Review the web server documentation and deployed configuration to determine whether the web server is authorizing and managing users.

If the web server is not authorizing and managing users, this is NA.

If the web server is the user authenticator and manager, verify that stored user identifiers and passwords are being encrypted by the web server. If the user information is not being encrypted when stored, this is a finding.

Check Content Reference

M

Target Key

2557

Comments