Skip to content
Log In

APACHE 2.2 Site for Windows Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • WG400

    Group
    Show

  • All interactive programs must be placed in a designated directory with appropriate permissions.

    CGI scripts represents one of the most common and exploitable means of compromising a web server. By definition, CGI are executable by the operating system of the host server. While access control ...
    Rule Medium Severity
    Show

  • WG410

    Group
    Show

  • WG110

    Group
    Show

  • WG170

    Group
    Show

  • WG230

    Group
    Show

  • Web server administration must be performed over a secure path or at the local console.

    Logging into a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can...
    Rule High Severity
    Show

  • WG240

    Group
    Show

  • WG250

    Group
    Show

  • Log file access must be restricted to System Administrators, Web Administrators or Auditors.

    A major tool in exploring the web site use, attempted use, unusual conditions and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and Web ...
    Rule Medium Severity
    Show

  • WG260

    Group
    Show

  • WG290

    Group
    Show

  • The web client account access to the content and scripts directories must be limited to read and execute.

    Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the we...
    Rule High Severity
    Show

  • WG310

    Group
    Show

  • WG340

    Group
    Show

  • A private web server must utilize an approved TLS version.

    Transport Layer Security (TLS) encryption is a required security setting for a private web server. Encryption of private information is essential to ensuring data confidentiality. If private inform...
    Rule Medium Severity
    Show

  • WG350

    Group
    Show

  • A private web server must have a valid DoD server certificate.

    This check verifies that DoD is a hosted web site's CA. The certificate is actually a DoD-issued server certificate used by the organization being reviewed. This is used to verify the authenticity ...
    Rule Medium Severity
    Show

  • WG490

    Group
    Show

  • WG430

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules