IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees.

Information

A web server can be modified through parameter modification, patch installation, upgrades to the web server or modules, and security parameter changes. With each of these changes, there is the potential for an adverse effect such as a DoS, web server instability, or hosted application instability.

To limit changes to the web server and limit exposure to any adverse effects from the changes, files such as the web server application files, libraries, and configuration files must have permissions and ownership set properly to only allow privileged users access.

The key web service administrative and configuration tools must only be accessible by the web server staff. All users granted this authority will be documented and approved by the ISSO. Access to the IIS Manager will be limited to authorized users and administrators.

Satisfies: SRG-APP-000380-WSR-000072, SRG-APP-000435-WSR-000147, SRG-APP-000033-WSR-000169

Solution

Restrict access to the web administration tool to only the web manager and the web manager's designees.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y24M10_STIG.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-3, 800-53|CM-5(1), 800-53|SC-5, CAT|II, CCI|CCI-000213, CCI|CCI-001813, CCI|CCI-002385, Rule-ID|SV-218816r961461_rule, STIG-ID|IIST-SV-000147, STIG-Legacy|SV-109271, STIG-Legacy|V-100167, Vuln-ID|V-218816

Plugin: Windows

Control ID: 8f15fbc6b854091177d9fb0c549ecefea980d401577ee0c51b5f6c42dce4d0e9