DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Audit Details

Name: DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 41

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit

Size: 83.5 kB

MD5: c60afc650c74a2725eae8f325eaa3839
SHA256: d79c49108b8c6b5c1f37361118b55a72e7a67633f8380944ab7680da1e672c9a

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 STS Tomcat v1r3 STIG
VCST-67-000001 - The Security Token Service must limit the amount of time that each TCP connection is kept alive.

ACCESS CONTROL

VCST-67-000002 - The Security Token Service must limit the number of concurrent connections permitted.

ACCESS CONTROL

VCST-67-000003 - The Security Token Service must limit the maximum size of a POST request.

ACCESS CONTROL

VCST-67-000004 - The Security Token Service must protect cookies from XSS.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - .handlers

AUDIT AND ACCOUNTABILITY

VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - bufferSize

AUDIT AND ACCOUNTABILITY

VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - directory

AUDIT AND ACCOUNTABILITY

VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - handlers

AUDIT AND ACCOUNTABILITY

VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - level

AUDIT AND ACCOUNTABILITY

VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - prefix

AUDIT AND ACCOUNTABILITY

VCST-67-000007 - Security Token Service log files must only be modifiable by privileged users.

AUDIT AND ACCOUNTABILITY

VCST-67-000008 - The Security Token Service application files must be verified for their integrity.

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

VCST-67-000009 - The Security Token Service must only run one web app.

CONFIGURATION MANAGEMENT

VCST-67-000010 - The Security Token Service must not be configured with unused realms.

CONFIGURATION MANAGEMENT

VCST-67-000011 - The Security Token Service must be configured to limit access to internal packages.

CONFIGURATION MANAGEMENT

VCST-67-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.

CONFIGURATION MANAGEMENT

VCST-67-000013 - The Security Token Service must have mappings set for Java servlet pages.

CONFIGURATION MANAGEMENT

VCST-67-000014 - The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed.

CONFIGURATION MANAGEMENT

VCST-67-000015 - The Security Token Service must be configured with memory leak protection.

CONFIGURATION MANAGEMENT

VCST-67-000016 - The Security Token Service must not have any symbolic links in the web content directory tree.

CONFIGURATION MANAGEMENT

VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000019 - The Security Token Service must limit the number of allowed connections.

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000020 - The Security Token Service must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8.

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter-mapping

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000022 - The Security Token Service must set the welcome-file node to a default web page.

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000023 - The Security Token Service must not show directory listings.

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000024 - The Security Token Service must be configured to show error pages with minimal information.

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000025 - The Security Token Service must not enable support for TRACE requests.

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000026 - The Security Token Service must have the debug option disabled.

SYSTEM AND INFORMATION INTEGRITY

VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime

AUDIT AND ACCOUNTABILITY

VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity

AUDIT AND ACCOUNTABILITY

VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - http

CONFIGURATION MANAGEMENT

VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - https

CONFIGURATION MANAGEMENT

VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - localhost.https

CONFIGURATION MANAGEMENT

VCST-67-000029 - The Security Token Service must disable the shutdown port.

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000030 - The Security Token Service must set the secure flag for cookies.

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000999 - The version of STS Tomcat running on the system must be a supported version.

SYSTEM AND INFORMATION INTEGRITY