A public web server will be physically and logically isolated in accordance with the DoD Internet-NIPRNet DMZ STIG and the DoD Enclave STIG.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-2242	WA060	SV-2242r1_rule		Medium

Description
To minimize exposure of private assets to unnecessary risk by attackers, public web servers must be isolated from internal systems. Public web servers also refer to web servers that may be located on non-public networks and contain information that is approved for release to the entire community. Public web servers must not have trusted connections with assets outside the confines of the demilitarized zone (DMZ) or in an isolated separate public enclave (subnet). This trusted connection is not to be confused with a Microsoft Domain trust. A trusted connection can be an attachment to Microsoft shares, in UNIX as Network File System (NFS) mounts, as well as connections to interior enclave printers. This relationship can also be found with connections from public web servers to interior enclave databases.

Description

To minimize exposure of private assets to unnecessary risk by attackers, public web servers must be isolated from internal systems. Public web servers also refer to web servers that may be located on non-public networks and contain information that is approved for release to the entire community. Public web servers must not have trusted connections with assets outside the confines of the demilitarized zone (DMZ) or in an isolated separate public enclave (subnet). This trusted connection is not to be confused with a Microsoft Domain trust. A trusted connection can be an attachment to Microsoft shares, in UNIX as Network File System (NFS) mounts, as well as connections to interior enclave printers. This relationship can also be found with connections from public web servers to interior enclave databases.

STIG	Date
IIS 7.0 Server STIG	2019-03-22

Details

Check Text ( C-29914r1_chk )
Place Holder

Fix Text (F-26804r1_fix)
Place Holder