Red Hat Ansible Automation Controller Web Server STIG V1R1

STIG ID CCI Title
APWS-AT-000020 CCI-000054 The Automation Controller web server must manage sessions.
APWS-AT-000030 CCI-000068 The Automation Controller servers must use encrypted communication for all channels given the high impact of those services to an organization's infrastructure.
APWS-AT-000040 CCI-001453 The Automation Controller NGINX web server must use cryptography on all remote connections.
APWS-AT-000090 CCI-000067 The Automation Controller must generate the appropriate log records.
APWS-AT-000230 CCI-001749 All Automation Controller NGINX front-end web server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.
APWS-AT-000240 CCI-001749 Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Automation Controller NGINX front-end web server.
APWS-AT-000250 CCI-000381 All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.
APWS-AT-000270 CCI-000381 All Automation Controller NGINX web servers must not be a proxy server for any process other than the Automation Controller application.
APWS-AT-000290 CCI-000381 All Automation Controller NGINX webserver accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.
APWS-AT-000310 CCI-000381 All Automation Controller NGINX web servers must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
APWS-AT-000340 CCI-000381 All Automation Controller NGINX web servers must have Web Distributed Authoring (WebDAV) disabled.
APWS-AT-000350 CCI-000381 All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.
APWS-AT-000370 CCI-000382 All Automation Controller NGINX web servers must be configured to use a specified IP address and port.
APWS-AT-000400 CCI-000186 Only authenticated system administrators or the designated PKI Sponsor for an Automation Controller NGINX web server must have access to any Automation Controller NGINX web server's private key.
APWS-AT-000440 CCI-001082 All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
APWS-AT-000480 CCI-001664 Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
APWS-AT-000590 CCI-001084 The Automation Controller NGINX web server document directory must be in a separate partition from the web server's system files.
APWS-AT-000610 CCI-001310 The Automation Controller NGINX web server must limit the character set used for data entry.
APWS-AT-000620 CCI-001312 The Automation Controller NGINX web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
APWS-AT-000640 CCI-001312 Debugging and trace information, within Automation Controller NGINX web server, used to diagnose the web server must be disabled.
APWS-AT-000700 CCI-001082 Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.
APWS-AT-000780 CCI-001813 The Automation Controller NGINX web server application, libraries, and configuration files must only be accessible to privileged users.
APWS-AT-000830 CCI-002385 The Automation Controller NGINX web server must be protected from being stopped by a nonprivileged user.
APWS-AT-000850 CCI-002418 The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
APWS-AT-000900 CCI-002418 Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
APWS-AT-000920 CCI-002420 The Automation Controller NGINX web servers must maintain the confidentiality and integrity of information during preparation for transmission.
APWS-AT-000940 CCI-002605 Automation Controller NGINX web servers must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
APWS-AT-000950 CCI-000366 All accounts installed with the Automation Controller NGINX web server's software and tools must have passwords assigned and default passwords changed.