Red Hat Ansible Automation Controller Web Server STIG V1R2

View as one page
STIG ID Title
APWS-AT-000020 The Automation Controller web server must manage sessions.
APWS-AT-000030 The Automation Controller servers must use encrypted communication for all channels given the high impact of those services to an organization's infrastructure.
APWS-AT-000040 The Automation Controller NGINX web server must use cryptography on all remote connections.
APWS-AT-000090 The Automation Controller must generate the appropriate log records.
APWS-AT-000230 All Automation Controller NGINX front-end web server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.
APWS-AT-000240 Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Automation Controller NGINX front-end web server.
APWS-AT-000250 All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.
APWS-AT-000270 All Automation Controller NGINX web servers must not be a proxy server for any process other than the Automation Controller application.
APWS-AT-000290 All Automation Controller NGINX webserver accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.
APWS-AT-000310 All Automation Controller NGINX web servers must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
APWS-AT-000340 All Automation Controller NGINX web servers must have Web Distributed Authoring (WebDAV) disabled.
APWS-AT-000350 All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.
APWS-AT-000370 All Automation Controller NGINX web servers must be configured to use a specified IP address and port.
APWS-AT-000400 Only authenticated system administrators or the designated PKI Sponsor for an Automation Controller NGINX web server must have access to any Automation Controller NGINX web server's private key.
APWS-AT-000440 All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
APWS-AT-000480 Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
APWS-AT-000590 The Automation Controller NGINX web server document directory must be in a separate partition from the web server's system files.
APWS-AT-000610 The Automation Controller NGINX web server must limit the character set used for data entry.
APWS-AT-000620 The Automation Controller NGINX web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
APWS-AT-000640 Debugging and trace information, within Automation Controller NGINX web server, used to diagnose the web server must be disabled.
APWS-AT-000700 Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.
APWS-AT-000780 The Automation Controller NGINX web server application, libraries, and configuration files must only be accessible to privileged users.
APWS-AT-000830 The Automation Controller NGINX web server must be protected from being stopped by a nonprivileged user.
APWS-AT-000850 The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
APWS-AT-000900 Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
APWS-AT-000920 The Automation Controller NGINX web servers must maintain the confidentiality and integrity of information during preparation for transmission.
APWS-AT-000940 Automation Controller NGINX web servers must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
APWS-AT-000950 All accounts installed with the Automation Controller NGINX web server's software and tools must have passwords assigned and default passwords changed.