Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6531 | WG140 A22 | SV-33019r1_rule | IATS-1 IATS-2 | Medium |
Description |
---|
Web sites requiring authentication within the DoD must utilize PKI as an authentication mechanism for web users. Information systems residing behind web servers requiring authorization based on individual identity must use the identity provided by certificate-based authentication to support access control decisions. |
STIG | Date |
---|---|
APACHE SITE 2.2 for Unix | 2015-08-27 |
Check Text ( C-33701r1_chk ) |
---|
To view the SSLVerifyClient value enter the following command: grep "SSLVerifyClient" /usr/local/apache2/conf/httpd.conf. If the value of SSLVerifyClient is not set to “require”, this is a finding. |
Fix Text (F-29335r1_fix) |
---|
Edit the httpd.conf file and set the value of SSLVerifyClient to "require". |