Skip to content
Log In

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000439-WSR-000154

    Group
    Show

  • Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data.

    A cookie can be read by client-side scripts easily if cookie properties are not set properly. By allowing cookies to be read by the client-side scripts, information such as session identifiers coul...
    Rule Medium Severity
    Show

  • SRG-APP-000439-WSR-000188

    Group
    Show

  • The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

    During the initial setup of a Transport Layer Security (TLS) connection to the Apache web server, the client sends a list of supported cipher suites in order of preference. The Apache web server wi...
    Rule Medium Severity
    Show

  • SRG-APP-000456-WSR-000187

    Group
    Show

  • The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

    Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (incl...
    Rule Medium Severity
    Show

  • SRG-APP-000516-WSR-000079

    Group
    Show

  • The account used to run the Apache web server must not have a valid login shell and password defined.

    During installation of the Apache web server software, accounts are created for the Apache web server to operate properly. The accounts installed can have either no password installed or a default ...
    Rule High Severity
    Show

  • SRG-APP-000516-WSR-000174

    Group
    Show

  • The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

    Configuring the Apache web server to implement organization-wide security implementation guides and security checklists guarantees compliance with federal standards and establishes a common securit...
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules