WG610 A22 – Web sites must utilize ports, protocols, and services according to PPSM guidelines.

Details

Failure to comply with DoD ports, protocols, and services (PPS) requirements can result

in compromise of enclave boundary protections and/or functionality of the AIS.

The IAM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Ensure the web site enforces the use of IANA well-known ports for HTTP and HTTPS.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

This control applies to the following type of system Unix.

References

CAT|III
Rule-ID|SV-34015r1_rule
STIG-ID|WG610_A22
Vuln-ID|V-15334

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles