A public web server must be physically isolated in the enclave.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2242 | WA060 IIS7 | SV-32633r1_rule | EBPW-1 ECIC-1 | Medium |
| Description |
|---|
| To minimize exposure of private assets to unnecessary risk, public web servers must be physically isolated from internal systems. Public web servers must not have trusted connections with private assets. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SERVER STIG | 2014-01-09 |
Details
| Check Text ( C-33502r1_chk ) |
|---|
| Determine where the public web server is logically located on the sites LAN. Visually check the web server hardware connections to see if it conforms to the site’s network diagram. If the web server is not isolated in accordance with the DoD Enclave and Internet-NIPRNet DMZ STIGs, this is a finding. |
| Fix Text (F-29202r1_fix) |
|---|
| Relocate the public web servers to be isolated from internal systems. In addition, ensure the public web servers do not have trusted connections with assets outside the confines of the Demilitarized Zone (DMZ) or isolated separate public enclave (subnet). |