Details
Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections and/or functionality of the automated information system (AIS).
The IAM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Ensure the web site enforces the use of IANA well-known ports for HTTP and HTTPS.
Supportive Information
The following resource is also helpful.
This control applies to the following type of system Windows.
References
- CAT|III
- Rule-ID|SV-34016r1_rule
- STIG-ID|WG610_W22
- Vuln-ID|V-15334