Web Policy STIG Version 1, Release 1 Checklist Details

Supporting Resources:

Target:

Target | CPE Name
Apache HTTP Server 1.3 | cpe:/a:apache:http_server:1.3
Apache HTTP Server 2.0 | cpe:/a:apache:http_server:2.0
Apache HTTP Server 2.2 | cpe:/a:apache:http_server:2.2
Microsoft Internet Information Services | cpe:/a:microsoft:iis

Checklist Highlights

Checklist Name:
Web Policy STIG
Checklist ID:
405
Version:
Version 1, Release 1
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
10/28/2011

Checklist Summary:

The Web Policy STIG should be used in conjunction with web server-specific guidance (e.g., IIS, Apache) when performing a web server review. The Web Policy STIG's intent is to consider the non-computing aspects of web server security management.

Checklist Role:

  • Web Server

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD-owned information systems and DoD-controlled information systems operated by a contractor and/or other entity on behalf of the DoD that receive, process, store, display, or transmit DoD information, regardless of classification and/or sensitivity. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

The application development group should refer to the supporting organization for the application when application issues arise from meeting STIG requirements.

Point of Contact:

fso_spt@disa.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Updated URLs - 6/14/19
Sunset per DISA - 6/17/19
Updated URLs - 9/11/19

NIST checklist record last modified on 09/11/2019