Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
tc Server ALL server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240781 | VRAU-TC-000310 | SV-240781r879584_rule | Medium |
| Description |
|---|
| Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information. VMware delivers product updates and patches regularly. It is crucial that system administrators coordinate installation of product updates with the site ISSO to ensure that only valid files are uploaded onto the system. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide | 2023-10-03 |
Details
| Check Text ( C-44014r854837_chk ) |
|---|
| Interview the ISSO. Determine whether web server files are being fully reviewed, tested, and signed before being implemented into the production environment. If the web server files are not being fully reviewed, tested, and signed before being implemented into the production environment, this is a finding. |
| Fix Text (F-43973r674086_fix) |
|---|
| Configure the web server to verify object integrity before becoming part of the production web server or utilize an external tool designed to meet this requirement. |