STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS utilizing mobile code must meet DoD-defined mobile code requirements.

DISA Rule

SV-78937r1_rule

Vulnerability Number

V-64447

Group Title

SRG-APP-000206-WSR-000128

Rule Version

OH12-1X-000265

Severity

CAT II

CCI(s)

• CCI-001166 - The information system identifies organization-defined unacceptable mobile code.

Weight

10

Fix Recommendation

Ensure that any mobile code used by any of the applications hosted on OHS follow DoD policies regarding the acquisition, development, and/or use.

Check Contents

1. Check to see whether OHS is hosting any applications that use mobile code.

2. If so, check that the mobile code follows DoD policies regarding the acquisition, development, and/or use of mobile code.

3. If not, this is a finding.

Vulnerability Number

V-64447

Documentable

False

Rule Version

OH12-1X-000265

Severity Override Guidance

1. Check to see whether OHS is hosting any applications that use mobile code.

2. If so, check that the mobile code follows DoD policies regarding the acquisition, development, and/or use of mobile code.

3. If not, this is a finding.

Check Content Reference

M

Target Key

2753

Comments