DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Audit Details

Name: DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 41

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit

Size: 83.5 kB

MD5: c60afc650c74a2725eae8f325eaa3839

SHA256: d79c49108b8c6b5c1f37361118b55a72e7a67633f8380944ab7680da1e672c9a

Audit Items

Description	Categories
DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 STS Tomcat v1r3 STIG
VCST-67-000001 - The Security Token Service must limit the amount of time that each TCP connection is kept alive.	ACCESS CONTROL
VCST-67-000002 - The Security Token Service must limit the number of concurrent connections permitted.	ACCESS CONTROL
VCST-67-000003 - The Security Token Service must limit the maximum size of a POST request.	ACCESS CONTROL
VCST-67-000004 - The Security Token Service must protect cookies from XSS.	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - .handlers	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - bufferSize	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - directory	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - handlers	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - level	AUDIT AND ACCOUNTABILITY
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - prefix	AUDIT AND ACCOUNTABILITY
VCST-67-000007 - Security Token Service log files must only be modifiable by privileged users.	AUDIT AND ACCOUNTABILITY
VCST-67-000008 - The Security Token Service application files must be verified for their integrity.	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
VCST-67-000009 - The Security Token Service must only run one web app.	CONFIGURATION MANAGEMENT
VCST-67-000010 - The Security Token Service must not be configured with unused realms.	CONFIGURATION MANAGEMENT
VCST-67-000011 - The Security Token Service must be configured to limit access to internal packages.	CONFIGURATION MANAGEMENT
VCST-67-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.	CONFIGURATION MANAGEMENT
VCST-67-000013 - The Security Token Service must have mappings set for Java servlet pages.	CONFIGURATION MANAGEMENT
VCST-67-000014 - The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed.	CONFIGURATION MANAGEMENT
VCST-67-000015 - The Security Token Service must be configured with memory leak protection.	CONFIGURATION MANAGEMENT
VCST-67-000016 - The Security Token Service must not have any symbolic links in the web content directory tree.	CONFIGURATION MANAGEMENT
VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state.	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000019 - The Security Token Service must limit the number of allowed connections.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000020 - The Security Token Service must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter-mapping	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000022 - The Security Token Service must set the welcome-file node to a default web page.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000023 - The Security Token Service must not show directory listings.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000024 - The Security Token Service must be configured to show error pages with minimal information.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000025 - The Security Token Service must not enable support for TRACE requests.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000026 - The Security Token Service must have the debug option disabled.	SYSTEM AND INFORMATION INTEGRITY
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime	AUDIT AND ACCOUNTABILITY
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity	AUDIT AND ACCOUNTABILITY
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - http	CONFIGURATION MANAGEMENT
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - https	CONFIGURATION MANAGEMENT
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - localhost.https	CONFIGURATION MANAGEMENT
VCST-67-000029 - The Security Token Service must disable the shutdown port.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000030 - The Security Token Service must set the secure flag for cookies.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-67-000999 - The version of STS Tomcat running on the system must be a supported version.	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

DISA STIG VMware vSphere 6.7 STS Tomcat v1r3

Audit Details

File Details

Audit Items