DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware

Updated: 6/24/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 28

File Details

Filename: DISA_STIG_Apache_Site-2.4_Unix_v2r4_Middleware.audit

Size: 60.5 kB

MD5: 8489d4893969a7b0ab1593a0327d8c10
SHA256: b228f46eb421594a2ee20a768ce0971239979c2d2f5f481f6d18f57f0cd59b87

Audit Changelog

 
Revision 1.4

Jun 24, 2025

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.3

Aug 19, 2024

Miscellaneous
  • Metadata updated.
  • References updated.
  • See also link updated.
Revision 1.2

Jun 17, 2024

Miscellaneous
  • Metadata updated.
Revision 1.1

May 10, 2024

Miscellaneous
  • Metadata updated.
  • See also link updated.
Added
  • AS24-U2-000020 - The Apache web server must perform server-side session management.
  • AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
  • AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred.
  • AS24-U2-000350 - Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server.
  • AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation.
  • AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.
  • AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application.
  • AS24-U2-000660 - The Apache web server must set an inactive timeout for sessions.
  • AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
Removed
  • AS24-U2-000020 - The Apache web server must perform server-side session management
  • AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided
  • AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred
  • AS24-U2-000350 - Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server
  • AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation
  • AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key
  • AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application
  • AS24-U2-000660 - The Apache web server must set an inactive timeout for sessions
  • AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies