Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-206419 | SRG-APP-000340-WSR-000029 | SV-206419r879717_rule | | Medium |
Description |
---|
By separating web server security functions from non-privileged users, roles can be developed that can then be used to administer the web server. Forcing users to change from a non-privileged account to a privileged account when operating on the web server or on security-relevant information forces users to only operate as a web server administrator when necessary. Operating in this manner allows for better logging of changes and better forensic information and limits accidental changes to the web server. |
STIG | Date |
---|---|
Web Server Security Requirements Guide | 2023-09-13 |
Check Text (C-6680r377849_chk) |
---|
Review the web server documentation and configuration to determine if accounts used for administrative duties of the web server are separated from non-privileged accounts. If non-privileged accounts can access web server security-relevant information, this is a finding. |
Fix Text (F-6680r377850_fix) |
---|
Set up accounts and roles that can be used to perform web server security-relevant tasks and remove or modify non-privileged account access to security-relevant tasks. |