Detections
Analytics
WG140 W22 - Private web servers must require certificates issued from a DoD-authorized Certificate Authority.
Information
Web sites requiring authentication within the DoD must utilize PKI as an authentication mechanism for web users. Information systems residing behind web servers requiring authorization based on individual identity must use the identity provided by certificate-based authentication to support access control decisions.Solution
Set the SSLVerifyClient directive to 'require'.See Also
https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip
Item Details
Audit Name: DISA STIG Apache Site 2.2 Windows v1r13
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-8(1), CAT|II, Rule-ID|SV-33106r1_rule, STIG-ID|WG140_W22, Vuln-ID|V-6531
Plugin: Windows
Control ID: 48e33e920d0f3c9d2699e046a739c485afaae5fcc12ed4765376ce4ba4fd3405