Jun 24, 2025 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Aug 19, 2024 Miscellaneous- Metadata updated.
- References updated.
- See also link updated.
|
Jun 17, 2024 |
May 10, 2024 Miscellaneous- Metadata updated.
- See also link updated.
Added- AS24-U2-000020 - The Apache web server must perform server-side session management.
- AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
- AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred.
- AS24-U2-000350 - Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server.
- AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation.
- AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.
- AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application.
- AS24-U2-000660 - The Apache web server must set an inactive timeout for sessions.
- AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
Removed- AS24-U2-000020 - The Apache web server must perform server-side session management
- AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided
- AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred
- AS24-U2-000350 - Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server
- AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation
- AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key
- AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application
- AS24-U2-000660 - The Apache web server must set an inactive timeout for sessions
- AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies
|
