
The application server must prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services.


Overview

Finding ID: V-35236
Version: SRG-APP-000142-AS-000096
Rule ID: SV-46523r1_rule
IA Controls:
Severity: Medium
Description
Application servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too insecure to run on a production system. The application server (AS) must provide the capability to disable or deactivate network-related services that are deemed non-essential to the server mission, for example, by disabling a protocol or feature that opens a listening port that is prohibited by DoD ports and protocols. For a list of approved ports and protocols, reference the DoD ports and protocols web site at https://powhatan.iiie.disa.mil/ports/cal.html
STIG: Application Server Security Requirements Guide
Date: 2013-01-08

Details

Check Text (C-43605r1_chk)
Review the AS documentation and configuration to determine if the AS has unauthorized ports disabled. If the AS is not configured to meet this requirement, this is a finding.

Fix Text (F-39783r1_fix)
Configure the AS to use only authorized ports, protocols, and services.
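
One way to support the check above is to compare the host's listening sockets against the approved list. The following is an added example, not part of the SRG: it parses `ss -H -tulnp` output (Linux) and reports listeners that are not approved. The APPROVED set, the sample output, and the function names are assumptions made for illustration.

```python
import re

# Assumption: site-approved listeners for this server, as (protocol, port).
APPROVED = {("tcp", 22), ("tcp", 8443)}

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
SAMPLE_SS = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 100 *:8443 *:* users:(("java",pid=2210,fd=54))
tcp LISTEN 0 100 *:8080 *:* users:(("java",pid=2210,fd=61))
tcp LISTEN 0 50 [::1]:9990 [::]:* users:(("java",pid=2210,fd=70))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=640,fd=12))
"""

# Matches the first owning process in the ss "users:((...))" column.
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Yield (proto, address, port, process) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        # rpartition splits on the last colon, so IPv6 addresses stay intact.
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        # The process column is missing when ss runs without enough privilege.
        yield proto, addr, int(port), (match.group(1) if match else "unknown")


def unauthorized_listeners(ss_output, approved):
    """Return listeners whose (proto, port) is not on the approved list."""
    return [l for l in parse_listeners(ss_output) if (l[0], l[2]) not in approved]


if __name__ == "__main__":
    for proto, addr, port, proc in unauthorized_listeners(SAMPLE_SS, APPROVED):
        print(f"FINDING: {proc} listening on {proto}/{port} ({addr})")
```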