UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide


Overview

Date Finding Count (28)
2023-03-15 CAT I (High): 1 CAT II (Med): 26 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-256944 High All Automation Controller NGINX front-end web server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.
V-256965 Medium The Automation Controller NGINX web servers must maintain the confidentiality and integrity of information during preparation for transmission.
V-256964 Medium Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
V-256967 Medium All accounts installed with the Automation Controller NGINX web server's software and tools must have passwords assigned and default passwords changed.
V-256966 Medium Automation Controller NGINX web servers must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
V-256961 Medium The Automation Controller NGINX web server application, libraries, and configuration files must only be accessible to privileged users.
V-256960 Medium Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.
V-256963 Medium The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
V-256962 Medium The Automation Controller NGINX web server must be protected from being stopped by a nonprivileged user.
V-256947 Medium All Automation Controller NGINX web servers must not be a proxy server for any process other than the Automation Controller application.
V-256946 Medium All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.
V-256945 Medium Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Automation Controller NGINX front-end web server.
V-256943 Medium The Automation Controller must generate the appropriate log records.
V-256942 Medium The Automation Controller NGINX web server must use cryptography on all remote connections.
V-256941 Medium The Automation Controller servers must use encrypted communication for all channels given the high impact of those services to an organization's infrastructure.
V-256940 Medium The Automation Controller web server must manage sessions.
V-256949 Medium All Automation Controller NGINX web servers must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
V-256948 Medium All Automation Controller NGINX webserver accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.
V-256958 Medium The Automation Controller NGINX web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
V-256959 Medium Debugging and trace information, within Automation Controller NGINX web server, used to diagnose the web server must be disabled.
V-256954 Medium All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
V-256955 Medium Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
V-256956 Medium The Automation Controller NGINX web server document directory must be in a separate partition from the web server's system files.
V-256957 Medium The Automation Controller NGINX web server must limit the character set used for data entry.
V-256950 Medium All Automation Controller NGINX web servers must have Web Distributed Authoring (WebDAV) disabled.
V-256952 Medium All Automation Controller NGINX web servers must be configured to use a specified IP address and port.
V-256953 Medium Only authenticated system administrators or the designated PKI Sponsor for an Automation Controller NGINX web server must have access to any Automation Controller NGINX web server's private key.
V-256951 Low All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.