Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
tc Server ALL must exclude documentation, sample code, example applications, and tutorials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-241637 | VROM-TC-000355 | SV-241637r879587_rule | High |
| Description |
|---|
| Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server because this type of code has not been evaluated and approved. A production web server must only contain components that are operationally necessary (e.g., compiled code, scripts, web-content, etc.). Any documentation, sample code, example applications, and tutorials must be removed from a production web server. Because tc Server is installed as part of the entire vROps application, and not installed separately, VMware has ensured that all documentation, sample code, example applications, and tutorials have been removed from tc Server as part of the build process. |
| STIG | Date |
|---|---|
| VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide | 2023-09-12 |
Details
| Check Text ( C-44913r684147_chk ) |
|---|
| Obtain supporting documentation from the ISSO. Review the web server documentation and deployed configuration to determine if documentation, sample code, example applications, and tutorials have been removed. If documentation, sample code, example applications, and tutorials have not been removed, this is a finding. |
| Fix Text (F-44872r683772_fix) |
|---|
| Document the removal of all documentation, sample code, example applications, and tutorials and ensure the web server configuration does not contain any documentation, sample code, example applications, and tutorials. |