WA120 W22 - Administrative users and groups that have access rights to the web server must be documented.


There are typically several individuals and groups that are involved in running a production web site. In most cases, we can identify several types of users on a web server. These are the System Administrators (SAs), Web Managers, Auditors, Authors, Developers, and the Clients. Accounts will be restricted to those who are necessary to maintain web services, review the server's operation, and the operating system. A detailed record of these accounts must be maintained.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Document the administrative users and groups which have access rights to the web server in the site SOP or equivalent document.

See Also


Item Details

References: CAT|III, Rule-ID|SV-33017r1_rule, STIG-ID|WA120_W22, Vuln-ID|V-2257

Plugin: Windows

Control ID: 039008fd500db63d0b99f03335d434ddc469714008cac3b9f42fa8759b8d3473