Red Hat Ansible Automation Controller Web Server STIG V1R1

STIG ID Title
APWS-AT-000020 The Automation Controller web server must manage sessions.
APWS-AT-000030 The Automation Controller servers must use encrypted communication for all channels given the high impact of those services to an organization's infrastructure.
APWS-AT-000040 The Automation Controller NGINX web server must use cryptography on all remote connections.
APWS-AT-000090 The Automation Controller must generate the appropriate log records.
APWS-AT-000230 All Automation Controller NGINX front-end web server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.
APWS-AT-000240 Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Automation Controller NGINX front-end web server.
APWS-AT-000250 All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.
APWS-AT-000270 All Automation Controller NGINX web servers must not be a proxy server for any process other than the Automation Controller application.
APWS-AT-000290 All Automation Controller NGINX webserver accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.
APWS-AT-000310 All Automation Controller NGINX web servers must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
APWS-AT-000340 All Automation Controller NGINX web servers must have Web Distributed Authoring (WebDAV) disabled.
APWS-AT-000350 All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.
APWS-AT-000370 All Automation Controller NGINX web servers must be configured to use a specified IP address and port.
APWS-AT-000400 Only authenticated system administrators or the designated PKI Sponsor for an Automation Controller NGINX web server must have access to any Automation Controller NGINX web server's private key.
APWS-AT-000440 All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
APWS-AT-000480 Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
APWS-AT-000590 The Automation Controller NGINX web server document directory must be in a separate partition from the web server's system files.
APWS-AT-000610 The Automation Controller NGINX web server must limit the character set used for data entry.
APWS-AT-000620 The Automation Controller NGINX web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
APWS-AT-000640 Debugging and trace information, within Automation Controller NGINX web server, used to diagnose the web server must be disabled.
APWS-AT-000700 Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.
APWS-AT-000780 The Automation Controller NGINX web server application, libraries, and configuration files must only be accessible to privileged users.
APWS-AT-000830 The Automation Controller NGINX web server must be protected from being stopped by a nonprivileged user.
APWS-AT-000850 The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
APWS-AT-000900 Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
APWS-AT-000920 The Automation Controller NGINX web servers must maintain the confidentiality and integrity of information during preparation for transmission.
APWS-AT-000940 Automation Controller NGINX web servers must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
APWS-AT-000950 All accounts installed with the Automation Controller NGINX web server's software and tools must have passwords assigned and default passwords changed.