WG610 A22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines.

Information

Failure to comply with DoD ports, protocols, and services (PPS) requirements can result
in compromise of enclave boundary protections and/or functionality of the AIS.

The IAM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Ensure the web site enforces the use of IANA well-known ports for HTTP and HTTPS.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

References: CAT|III, Rule-ID|SV-34015r1_rule, STIG-ID|WG610_A22, Vuln-ID|V-15334

Plugin: Unix

Control ID: 93d73537be48d9f4e109864c688df17f87b52fc85f86812d85d77905f202fc19