Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The web server must augment re-creation to a stable and known baseline.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-56029 | SRG-APP-000225-WSR-000074 | SV-70283r1_rule | Medium |
| Description |
|---|
| Making certain that the web server has not been updated by an unauthorized user is always a concern. Adding patches, functions, and modules that are untested and not part of the baseline opens the possibility for security risks. The web server must offer, and not hinder, a method that allows for the quick and easy reinstallation of a verified and patched baseline to guarantee the production web server is up-to-date and has not been modified to add functionality or expose security risks. When the web server does not offer a method to roll back to a clean baseline, external methods, such as a baseline snapshot or virtualizing the web server, can be used. |
| STIG | Date |
|---|---|
| Web Server Security Requirements Guide | 2014-11-17 |
Details
| Check Text ( C-56599r2_chk ) |
|---|
| Review the web server documentation and deployed configuration to determine if the web server offers the capability to reinstall from a known state. If the web server does not offer this capability, determine if the web server, in any manner, prohibits the reinstallation of a known state. If the web server does prohibit the reinstallation to a known state, this is a finding. |
| Fix Text (F-60907r1_fix) |
|---|
| Configure the web server to augment and not hinder the reinstallation of a known and stable baseline. |