Check: WG610 W22
APACHE SITE 2.0 for Windows:
WG610 W22
(in version v1 r5)
Title
Web sites must utilize ports, protocols, and services according to PPSM guidelines. (Cat III impact)
Discussion
Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections and/or functionality of the automated information system (AIS). The IAM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.
Check Content
Review the web site to determine if HTTP and HTTPs are used in accordance with well known ports (e.g., 80 and 443) or those ports and services as registered and approved for use by the DoD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM. If not, this is a finding.
Fix Text
Ensure the web site enforces the use of IANA well-known ports for HTTP and HTTPS.
Additional Identifiers
Rule ID: SV-34016r1_rule
Vulnerability ID: V-15334
Group Title: WG610
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |