The IAO will ensure unnecessary services are disabled or removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6151 | APP6030 | SV-6151r1_rule | DCSD-1 | Medium |
| Description |
|---|
| Unnecessary services and software increases the security risk by increasing the potential attack surface of the application. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-3056r1_chk ) |
|---|
| Examine the configuration of the servers. Determine what software is installed on the servers. Determine which services are needed for the application by examining the application design and accreditation documentation and interviewing the application representative. For example, in cases where two web servers (IIS and Apache) are installed, and only one is being used. 1) If there are services or software present not needed for the application, it is a finding. |
| Fix Text (F-4455r1_fix) |
|---|
| Remove unnecessary services or software. |