DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Audit Details

Name: DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Updated: 10/31/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 41

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit

Size: 83.5 kB

MD5: 073a24dcdd55c898ad49a5f394f14944

SHA256: cb32ec92738cf37f203d8925714ba7ae5cd2571a1d1ec26c9e8925525fd53f62

Audit Items

Description	Categories
DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 STS Tomcat v1r3 STIG
VCST-67-000001 - The Security Token Service must limit the amount of time that each TCP connection is kept alive.	ACCESS CONTROL
VCST-67-000002 - The Security Token Service must limit the number of concurrent connections permitted.	ACCESS CONTROL
VCST-67-000003 - The Security Token Service must limit the maximum size of a POST request.	ACCESS CONTROL
VCST-67-000004 - The Security Token Service must protect cookies from XSS.	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - .handlers	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - bufferSize	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - directory	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - handlers	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - level	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - prefix	AUDIT AND ACCOUNTABILITY
VCST-67-000007 - Security Token Service log files must only be modifiable by privileged users.	AUDIT AND ACCOUNTABILITY
VCST-67-000008 - The Security Token Service application files must be verified for their integrity.	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
VCST-67-000009 - The Security Token Service must only run one web app.	CONFIGURATION MANAGEMENT
VCST-67-000010 - The Security Token Service must not be configured with unused realms.	CONFIGURATION MANAGEMENT
VCST-67-000011 - The Security Token Service must be configured to limit access to internal packages.	CONFIGURATION MANAGEMENT
VCST-67-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.	CONFIGURATION MANAGEMENT
VCST-67-000013 - The Security Token Service must have mappings set for Java servlet pages.	CONFIGURATION MANAGEMENT
VCST-67-000014 - The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed.	CONFIGURATION MANAGEMENT
VCST-67-000015 - The Security Token Service must be configured with memory leak protection.	CONFIGURATION MANAGEMENT
VCST-67-000016 - The Security Token Service must not have any symbolic links in the web content directory tree.	CONFIGURATION MANAGEMENT
VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state.	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000019 - The Security Token Service must limit the number of allowed connections.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000020 - The Security Token Service must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter-mapping	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000022 - The Security Token Service must set the welcome-file node to a default web page.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000023 - The Security Token Service must not show directory listings.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000024 - The Security Token Service must be configured to show error pages with minimal information.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000025 - The Security Token Service must not enable support for TRACE requests.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000026 - The Security Token Service must have the debug option disabled.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime	AUDIT AND ACCOUNTABILITY
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity	AUDIT AND ACCOUNTABILITY
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - http	CONFIGURATION MANAGEMENT
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - https	CONFIGURATION MANAGEMENT
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - localhost.https	CONFIGURATION MANAGEMENT
VCST-67-000029 - The Security Token Service must disable the shutdown port.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000030 - The Security Token Service must set the secure flag for cookies.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000999 - The version of STS Tomcat running on the system must be a supported version.	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Audit Details

File Details

Audit Items