Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2242 | WA060 IIS6 | SV-38169r1_rule | EBPW-1 ECIC-1 | Medium |
Description |
---|
To minimize exposure of private assets to unnecessary risk, public web servers must be physically isolated from internal systems. Public web servers must not have trusted connections with private assets. |
STIG | Date |
---|---|
IIS6 Server | 2011-09-26 |
Check Text (C-37550r1_chk) |
---|
Determine where the public web server is logically located on the site’s LAN. Visually check the web server hardware connections to see if they conform to the site’s network diagram. If the web server is not isolated in accordance with the DoD Enclave and Internet-NIPRNet DMZ STIGs, this is a finding. NOTE: If a Network Reviewer is available, they should be able to provide much of the information needed to validate this check. |
Fix Text (F-32796r1_fix) |
---|
Relocate the public web servers to be isolated from internal systems. In addition, ensure the public web servers do not have trusted connections with assets outside the confines of the Demilitarized Zone (DMZ) or isolated separate public enclave (subnet). |