Web sites will utilize ports, protocols, and services according to PPSM guidelines.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15334	WG610	SV-16125r1_rule	DCPP-1	Low

Description
Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections and/or functionality of the AIS. The IAM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.

Description

Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections and/or functionality of the AIS. The IAM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.

STIG	Date
Web Server STIG	2010-10-07

Details

Check Text ( C-30020r1_chk )
Review the web site to determine if HTTP and HTTPs are used in accordance with IANA well known ports (e.g., 80 and 443) or those ports and services as registered and approved for use by the DoD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM.

Fix Text (F-26863r1_fix)
Ensure the web site enforces the use of IANA well-known ports for HTTP and HTTPS.