Jun 2, 2023 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Apr 12, 2023 Miscellaneous- Metadata updated.
- Platform check updated.
- Variables updated.
|
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
- Variables updated.
|
Dec 7, 2022 |
Aug 9, 2022 Functional Update- AS24-U1-000020 - The Apache web server must perform server-side session management - httpd
- AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
- AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module
- AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server.
- AS24-U1-000260 - The Apache web server must not be a proxy server.
- AS24-U1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled.
- AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - httpd
- AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - session_crypto
- AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.
- AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module
- AS24-U1-000750 - The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) which are stamped at a minimum granularity of one second - log_config_module
- AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - apachectl
- AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - httpd pid
- AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - service
- AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
- AS24-U1-000940 - The account used to run the Apache web server must not have a valid login shell and password defined.
- AS24-U1-000960 - The Apache web server software must be a vendor-supported version.
|
Apr 25, 2022 |