UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A public web server must be physically isolated in the enclave.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2242 WA060 IIS6 SV-38169r1_rule EBPW-1 ECIC-1 Medium
Description
To minimize exposure of private assets to unnecessary risk, public web servers must be physically isolated from internal systems. Public web servers must not have trusted connections with private assets.
STIG Date
IIS6 Server 2011-09-26

Details

Check Text ( C-37550r1_chk )
Determine where the public web server is logically located on the sites LAN. Visually check the web server hardware connections to see if it conforms to the site’s network diagram. If the web server is not isolated in accordance with the DoD Enclave and Internet-NIPRNet DMZ STIGs, this is a finding.

NOTE: If there is a Network Reviewer available, they should be able to provide much of the information needed to validate this check.
Fix Text (F-32796r1_fix)
Relocate the public web servers to be isolated from internal systems. In addition, ensure the public web servers do not have trusted connections with assets outside the confines of the Demilitarized Zone (DMZ) or isolated separate public enclave (subnet).