Web Policy STIG

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-23839 Medium Change on a production web site is controlled.
V-23819 Medium The production web server staff will have a formal migration plan for removing or upgrading production web server software prior to the date the vendor drops security patch support.
V-23840 Medium Documented procedures and processes exist to recover the production web server and its associated web sites and are included as a part of the COOP.
V-23829 Medium Production web server scripts are tested before implementation.
V-23842 Medium A process must exist to ensure changes to a production web server’s software or a production web server’s configurable settings are tested and documented before being implemented.
V-23846 Medium Information on public web servers is reviewed before publication and periodically reviewed after publication.
V-23822 Medium Incident Response procedures must exist for web servers and sites.
V-23835 Medium The sensitivity level of all data for publication on a production web site is known and documented.
V-23838 Low A current baseline configuration for the web server is maintained at all times.
V-23841 Low The SA and the web administrator are aware of mobile code technology deployed on servers under their administration.
V-23844 Low Web server access logs are generated and retained according to DoDI 8500.2 requirements.
V-23833 Low Trained staff are not available to respond to web server or web content problems.
V-23834 Low All interactive CGI programs used on the production web server will be documented.
V-23836 Low Configuration management policies are available to the SA and the web administrator.