WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfig

Information

All automated information systems are at risk of data loss due to disaster or compromise. Failure to provide adequate protection to the administration tools creates risk of potential theft or damage that may ultimately compromise the mission. Adequate protection ensures that server administration operates with less risk of losses or operations outages. The key web service administrative and configuration tools must be accessible only by the authorized web server administrators. All users granted this authority must be documented and approved by the ISSO. Access to the IIS Manager will be limited to authorized users and administrators.

Solution

Restrict access to the web administration tool to only the web manager and the web manager's designees.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(1), CAT|II, Rule-ID|SV-32948r2_rule, STIG-ID|WG220_A22, Vuln-ID|V-2248

Plugin: Unix

Control ID: d4d3e97d0a8fe15bce810d72f10d68fef3ac3bbc3a5e46dc4945e2889b5248d8