STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

A public OHS installation, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.

DISA Rule

SV-79147r1_rule

Vulnerability Number

V-64657

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000209

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

1. Relocate the OHS server to be in a DMZ, isolated from internal systems.

2. Confirm that the OHS server only has connections to supporting Application and Database Servers.

Check Contents

1. As required, confirm with the OHS Administrator that OHS is installed in a DMZ and isolated from internal systems.

2. If not, this is a finding.

Vulnerability Number

V-64657

Documentable

False

Rule Version

OH12-1X-000209

Severity Override Guidance

1. As required, confirm with the OHS Administrator that OHS is installed in a DMZ and isolated from internal systems.

2. If not, this is a finding.

Check Content Reference

Target Key

2753

A public OHS installation, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments