|Finding ID||Version||Rule ID||IA Controls||Severity|
|Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too insecure to run on a production system. The web server must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too insecure, or are prohibited by the PPSM CAL and vulnerability assessments.|
|Web Server Security Requirements Guide||2022-09-20|
|Check Text (C-6689r377876_chk)|
| Review the web server documentation and deployment configuration to determine which ports and protocols are enabled. |
Verify that the ports and protocols being used are permitted, are necessary for the operation of the web server and the hosted applications, and are secure for a production system.
If any of the ports or protocols are not permitted, are nonsecure or are not necessary for web server operation, this is a finding.
|Fix Text (F-6689r377877_fix)|
|Configure the web server to disable any ports or protocols that are not permitted, are nonsecure for a production web server or are not necessary for web server operation.|
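
One way to carry out the check above on a Linux host, as an added example that is not part of the original guide: the script compares listening sockets against a site-approved baseline and reports each listener that is not permitted or is classed as nonsecure. The baseline, the nonsecure set, and the sample listener lines are constructed for illustration, and the input layout is assumed to be that of `ss -H -tuln`.

```python
# Added example: compare listening sockets against a site-approved baseline.
# The baseline and the sample listener list are constructed for illustration.

# Hypothetical baseline: (protocol, port) pairs permitted and necessary for
# this web server, and pairs the site treats as nonsecure for production.
APPROVED = {("tcp", 443), ("tcp", 80)}
NONSECURE = {("tcp", 21), ("tcp", 23), ("tcp", 80)}

# Constructed sample, assumed to follow the column layout of `ss -H -tuln`:
# netid state recv-q send-q local-address:port peer-address:port
SAMPLE = """\
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128             [::]:8009          [::]:*
tcp   LISTEN 0      32                 *:21               *:*
udp   UNCONN 0      0          127.0.0.1:161        0.0.0.0:*
"""


def parse_listeners(text):
    """Yield (protocol, bind_address, port) for each listener line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        # rpartition keeps IPv6 ("[::]") and wildcard ("*") addresses intact.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)


def audit(text, approved=APPROVED, nonsecure=NONSECURE):
    """Return sorted findings as (protocol, port, bind_address, reason)."""
    findings = set()
    for proto, addr, port in parse_listeners(text):
        if (proto, port) not in approved:
            findings.add((proto, port, addr, "not in approved baseline"))
        if (proto, port) in nonsecure:
            findings.add((proto, port, addr, "nonsecure for production"))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, addr, reason in audit(SAMPLE):
        print(f"FINDING {proto}/{port} on {addr}: {reason}")
```

A port can be in the approved baseline and still be reported, as port 80 is here, because the check treats "permitted" and "secure for a production system" as separate conditions.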