################################################################################
DOCUMENT         : Apache_Server_2-4_Windows_Server_STIG
VERSION          : 001.001.001
CHECKSUM         : 3300f6a057e391a3fa1dc896aeecf517f22f2e2fb57bad0162ab2e476f419aac
MANUAL QUESTIONS : 26

IMPORTANT: Make sure to save the completed version of this file to: 
<SCC Install>/Resources/Content/Manual_Questions/Completed_Files

This file contains all of the non-automated STIG requirements found in the STIG.
Results from this file will be combined with automated checks in SCC to provide
complete STIG compliance results.

This file will be programmatically imported, so do not modify anything in this file
except for placing an '[X]' to select a Single answer, and entering text comments.

The list of questions is printed in order of severity, listing CAT I (High), then CAT II, etc.

################################################################################

QUESTION         : 1 of 26
TITLE            : CAT I, V-214321, SV-214321r960963, SRG-APP-000141-WSR-000077
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2901
RULE             : The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.
QUESTION_TEXT    : If the site requires the use of a particular piece of software, the Information System Security Officer (ISSO) will need to maintain documentation identifying this software as necessary for operations. The software must be operated at the vendor's current patch level and must be a supported vendor release.

If programs or utilities that meet the above criteria are installed on the web server, and appropriate documentation and signatures are in evidence, this is not a finding.

Determine whether the web server is configured with unnecessary software.

Determine whether processes other than those that support the web server are loaded and/or run on the web server.

Examples of software that should not be on the web server are all web development tools, office suites (unless the web server is a private web development server), compilers, and other utilities that are not part of the web server suite or the basic operating system.

Check the directory structure of the server and verify that additional, unintended, or unneeded applications are not loaded on the system.

If, after review of the application on the system, there is no justification for the identified software, this is a finding.

References:
SV-102463
V-92375
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 1 *******************************

QUESTION         : 2 of 26
TITLE            : CAT I, V-214322, SV-214322r960963, SRG-APP-000141-WSR-000078
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:3101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:3101
RULE             : Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.
QUESTION_TEXT    : Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

References:
SV-102465
V-92377
CCI-000381
CCI-001082
CCI-001813
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 2 *******************************

QUESTION         : 3 of 26
TITLE            : CAT I, V-214357, SV-214357r961863, SRG-APP-000516-WSR-000079
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:9301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:9301
RULE             : All accounts installed with the Apache web server software and tools must have passwords assigned and default passwords changed.
QUESTION_TEXT    : Access "Apps" menu. Under "Administrative Tools", select "Computer Management".

In left pane, expand "Local Users and Groups" and click on "Users".

Review the local users listed in the middle pane. 

If any local accounts are present and are used by Apache Web Server, verify with System Administrator that default passwords have been changed.

If passwords have not been changed from the default, this is a finding.

References:
SV-102565
V-92477
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 3 *******************************

QUESTION         : 4 of 26
TITLE            : CAT II, V-214312, SV-214312r960900, SRG-APP-000098-WSR-000060
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1301
RULE             : An Apache web server, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.
QUESTION_TEXT    : Interview the System Administrator to review the configuration of the Apache web server architecture and determine if inbound web traffic is passed through a proxy.

If the Apache web server is receiving inbound web traffic through a proxy, the audit logs must be reviewed to determine if correct source information is being passed through by the proxy server.

View Apache log files as configured in "httpd.conf" files.

When the log file is displayed, review source IP information in log entries and verify the entries do not reflect the IP address of the proxy server.

If the log entries in the log file(s) reflect the IP address of the proxy server as the source, this is a finding.

References:
SV-102439
V-92351
CCI-000133
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 4 *******************************

QUESTION         : 5 of 26
TITLE            : CAT II, V-214313, SV-214313r960912, SRG-APP-000108-WSR-000166
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1501
RULE             : The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.
QUESTION_TEXT    : Work with the SIEM administrator to determine if an alert is configured when audit data is no longer received as expected.

If there is no alert configured, this is a finding.

References:
SV-102445
V-92357
CCI-000139
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 5 *******************************

QUESTION         : 6 of 26
TITLE            : CAT II, V-214314, SV-214314r960930, SRG-APP-000118-WSR-000068
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1701
RULE             : The Apache web server log files must only be accessible by privileged users.
QUESTION_TEXT    : Review the <'INSTALL PATH'>\conf\httpd.conf file to determine the location of the logs.

Determine permissions for log files. From the command line, navigate to the directory where the log files are located and enter the following command:

icacls <'Apache Directory'>\logs\*

ex: icacls c:\Apache24\logs\*

Only the Auditors, Web Managers, Administrators, and the account that runs the web server should have permissions to the files.

If any users other than those authorized have read access to the log files, this is a finding.

References:
SV-102447
V-92359
CCI-000162
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 6 *******************************

QUESTION         : 7 of 26
TITLE            : CAT II, V-214315, SV-214315r960936, SRG-APP-000120-WSR-000070
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1901
RULE             : The log information from the Apache web server must be protected from unauthorized deletion and modification.
QUESTION_TEXT    : Query the System Administrator (SA) to determine who has update access to the web server log files. 

The role of auditor and the role of SA should be distinctly separate. An individual functioning as an auditor should not also serve as an SA due to a conflict of interest.

Only management-authorized individuals with a privileged ID or group ID associated with an auditor role will have access permission to log files that are greater than read on web servers he or she has been authorized to audit.

Only management-authorized individuals with a privileged ID or group ID associated with either an SA or Web Administrator role may have read authority to log files for the web servers he or she has been authorized to administer.

If an account with roles other than auditor has greater than read authority to the log files, this is a finding.

Obtain the log location by reviewing the <'INSTALL PATH'>\conf\httpd.conf file.

Click the "Browse" button and navigate to the directory where the log files are stored.

Right-click the log file name to review and click "Properties".

Click the "Security" tab.

If an account associated with roles other than auditors, SAs, or Web Administrators has any access to log files, this is a finding.

If an account with roles other than auditor has greater than read authority to the log files, this is a finding.

This check does not apply to service account IDs used by automated services necessary to process, manage, and store log files.

References:
SV-102451
V-92363
CCI-000163
CCI-000164
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 7 *******************************

QUESTION         : 8 of 26
TITLE            : CAT II, V-214316, SV-214316r960948, SRG-APP-000125-WSR-000071
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2101
RULE             : The log data and records from the Apache web server must be backed up onto a different system or media.
QUESTION_TEXT    : Interview the Information System Security Officer (ISSO), System Administrator (SA), Web Manager, Webmaster, or developers as necessary to determine whether a tested and verifiable backup strategy has been implemented for web server software as well as all web server data files.

Proposed Questions:
Who maintains the backup and recovery procedures?
Do you have a copy of the backup and recovery procedures?
Where is the off-site backup location?
Is the contingency plan documented?
When was the last time the contingency plan was tested?
Are the test dates and results documented?

If there is not a backup and recovery process for the web server, this is a finding.

References:
SV-102453
V-92365
CCI-001348
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 8 *******************************

QUESTION         : 9 of 26
TITLE            : CAT II, V-214318, SV-214318r960963, SRG-APP-000141-WSR-000015
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2301
RULE             : The Apache web server must not perform user management for hosted applications.
QUESTION_TEXT    : Interview the System Administrator (SA) about the role of the Apache web server.

If the web server is hosting an application, have the SA provide supporting documentation on how the application's user management is accomplished outside of the web server.

If the web server is not hosting an application, this is Not Applicable.

If the web server is performing user management for hosted applications, this is a finding.

If the web server is hosting an application and the SA cannot provide supporting documentation on how the application's user management is accomplished outside of the Apache web server, this is a finding.

References:
SV-102457
V-92369
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 9 *******************************

QUESTION         : 10 of 26
TITLE            : CAT II, V-214319, SV-214319r960963, SRG-APP-000141-WSR-000075
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2501
RULE             : The Apache web server must only contain services and functions necessary for operation.
QUESTION_TEXT    : Verify the document root directory and the configuration files do not provide for default index.html or welcome page.

Verify the Apache User Manual content is not installed by checking the configuration files for manual location directives.

Verify the Apache configuration files do not have the Server Status handler configured.

Verify that the Server Information handler is not configured.

Verify that any other handler configurations, such as perl-status, are not enabled.

If any of these are present, this is a finding.

References:
SV-102459
V-92371
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 10 *******************************

QUESTION         : 11 of 26
TITLE            : CAT II, V-214324, SV-214324r960963, SRG-APP-000141-WSR-000082
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:3501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:3501
RULE             : The Apache web server must allow the mappings to unused and vulnerable scripts to be removed.
QUESTION_TEXT    : Review the <'INSTALL PATH'>\conf\httpd.conf file.

Locate cgi-bin files and directories enabled in the "Script", "ScriptAlias" or "ScriptAliasMatch", or "ScriptInterpreterSource" directives.

If any script is not needed for application operation, this is a finding.

References:
SV-102471
V-92383
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 11 *******************************

QUESTION         : 12 of 26
TITLE            : CAT II, V-214329, SV-214329r1138072, SRG-APP-000211-WSR-000030
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4501
RULE             : Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
QUESTION_TEXT    : Review the web server documentation and configuration to determine what web server accounts are available on the hosting server.

Review permissions in the web and Apache directories.
 
If the files are owned by anyone other than the Apache user set up to run Apache, this is a finding.

If non-privileged web server accounts are available with access to functions, directories, or files not needed for the role of the account, this is a finding.

References:
SV-102487
V-92399
CCI-001082
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 12 *******************************

QUESTION         : 13 of 26
TITLE            : CAT II, V-214330, SV-214330r1138074, SRG-APP-000211-WSR-000129
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4701
RULE             : The Apache web server must separate the hosted applications from hosted Apache web server management functionality.
QUESTION_TEXT    : Review the web server documentation and deployed configuration to determine whether hosted application functionality is separated from web server management functions.

If the functions are not separated, this is a finding.

References:
SV-102491
V-92403
CCI-001082
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 13 *******************************

QUESTION         : 14 of 26
TITLE            : CAT II, V-214332, SV-214332r1043180, SRG-APP-000223-WSR-000011
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4901
RULE             : Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application.
QUESTION_TEXT    : Review the <'INSTALL PATH'>\conf\httpd.conf file.

If "HttpOnly;secure" is not configured, this is a finding.

Review the code. If, when creating cookies, the following is not occurring, this is a finding:

function setCookie() { document.cookie = "ALEPH_SESSION_ID = $SESS; path = /; secure"; }

References:
SV-102495
V-92407
CCI-001664
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 14 *******************************

QUESTION         : 15 of 26
TITLE            : CAT II, V-214336, SV-214336r961122, SRG-APP-000225-WSR-000140
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5501
RULE             : The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
QUESTION_TEXT    : Interview the System Administrator for the Apache 2.4 web server.

Ask for documentation on the disaster recovery methods tested and planned for the Apache 2.4 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

References:
SV-102511
V-92423
CCI-001190
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 15 *******************************

QUESTION         : 16 of 26
TITLE            : CAT II, V-214337, SV-214337r961131, SRG-APP-000233-WSR-000146
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5701
RULE             : The Apache web server document directory must be in a separate partition from the Apache web server's system files.
QUESTION_TEXT    : Determine whether the public web server has a two-way trusted relationship with any private asset located within the network. Private web server resources (e.g., drives, folders, printers, etc.) will not be directly mapped to or shared with public web servers.

If sharing is selected for any web folder, this is a finding.

If private resources (e.g., drives, partitions, folders/directories, printers, etc.) are shared with the public web server, this is a finding.

References:
SV-102513
V-92425
CCI-001084
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 16 *******************************

QUESTION         : 17 of 26
TITLE            : CAT II, V-214343, SV-214343r961278, SRG-APP-000315-WSR-000004
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6901
RULE             : The Apache web server must restrict inbound connections from nonsecure zones.
QUESTION_TEXT    : Review the <'INSTALL PATH'>\conf\httpd.conf file.

If "IP Address Restrictions" are not configured or IP ranges configured to be "Allow" are not restrictive enough to prevent connections from nonsecure zones, this is a finding.

References:
SV-102527
V-92439
CCI-002314
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 17 *******************************

QUESTION         : 18 of 26
TITLE            : CAT II, V-214344, SV-214344r961281, SRG-APP-000316-WSR-000170
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7101
RULE             : The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.
QUESTION_TEXT    : Interview the System Administrator and Web Manager.

Ask for documentation for the Apache web server administration.

Verify there are documented procedures for shutting down an Apache website in the event of an attack. The procedure should, at a minimum, provide the following steps:

Determine the respective website for the application at risk of an attack.

Stop the Apache service.

If the web server is not capable of or cannot be configured to disconnect or disable remote access to the hosted applications when necessary, this is a finding.

References:
SV-102529
V-92441
CCI-002322
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 18 *******************************

QUESTION         : 19 of 26
TITLE            : CAT II, V-214345, SV-214345r961353, SRG-APP-000340-WSR-000029
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7301
RULE             : Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.
QUESTION_TEXT    : Determine which tool or control file is used to control the configuration of the web server.

If the control of the web server is done via control files, verify who has update access to them. If tools are being used to configure the web server, determine who has access to execute the tools.

If accounts other than the System Administrator (SA), the Web Manager, or the Web Manager designees have access to the web administration tool or control files, this is a finding.

References:
SV-102531
V-92443
CCI-002235
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 19 *******************************

QUESTION         : 20 of 26
TITLE            : CAT II, V-214347, SV-214347r961392, SRG-APP-000357-WSR-000150
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7701
RULE             : The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server.
QUESTION_TEXT    : Work with SIEM administrator to determine log storage capacity. 

If there is no setting within a SIEM to accommodate a large enough logging capacity, this is a finding.

References:
SV-102535
V-92447
CCI-001849
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 20 *******************************

QUESTION         : 21 of 26
TITLE            : CAT II, V-214348, SV-214348r961395, SRG-APP-000358-WSR-000063
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7901
RULE             : The Apache web server must not impede the ability to write specified log record content to an audit log server.
QUESTION_TEXT    : Work with the SIEM administrator to determine current security integrations. 

If the SIEM is not integrated with security, this is a finding.

References:
SV-102537
V-92449
CCI-001851
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 21 *******************************

QUESTION         : 22 of 26
TITLE            : CAT II, V-214349, SV-214349r961395, SRG-APP-000358-WSR-000163
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:8101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:8101
RULE             : The Apache web server must be configurable to integrate with an organization's security infrastructure.
QUESTION_TEXT    : Work with the SIEM administrator to determine current security integrations. 

If the SIEM is not integrated with security, this is a finding.

References:
SV-102539
V-92451
CCI-001851
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 22 *******************************

QUESTION         : 23 of 26
TITLE            : CAT II, V-214350, SV-214350r961398, SRG-APP-000359-WSR-000065
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:8301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:8301
RULE             : The Apache web server must use a logging mechanism that is configured to provide a warning to the Information System Security Officer (ISSO) and System Administrator (SA) when allocated record storage volume reaches 75 percent of maximum log record storage capacity.
QUESTION_TEXT    : Work with the SIEM administrator to determine if an alert is configured when audit data is no longer received as expected.

If there is no alert configured, this is a finding.

References:
SV-102543
V-92455
CCI-001855
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 23 *******************************

QUESTION         : 24 of 26
TITLE            : CAT II, V-214353, SV-214353r961620, SRG-APP-000435-WSR-000147
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:8701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:8701
RULE             : The Apache web server must be protected from being stopped by a non-privileged user.
QUESTION_TEXT    : Right-click <'Install Path'>\bin\httpd.exe.

Click "Properties" from the "Context" menu.

Select the "Security" tab.

Review the groups and user names.

The following accounts may have Full control privileges:

TrustedInstaller
Web Managers
Web Manager designees

The following accounts may have read and execute, or read permissions:

Non Web Manager Administrators
ALL APPLICATION PACKAGES (built-in security group)
SYSTEM
Users

Specific users may be granted read and execute and read permissions.

Compare the local documentation authorizing specific users against the users observed when reviewing the groups and users.

If any other access is observed, this is a finding.

References:
SV-102551
V-92463
CCI-002385
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 24 *******************************

QUESTION         : 25 of 26
TITLE            : CAT II, V-214356, SV-214356r1138080, SRG-APP-000456-WSR-000187
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:9101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:9101
RULE             : The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
QUESTION_TEXT    : Determine the most recent patch level of the Apache web server 2.4 software, as posted on the Apache HTTP Server Project website.

In a command line, type "httpd -v".

If the version is more than one version behind the most recent patch level, this is a finding.

References:
SV-102563
V-92475
CCI-002605
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 25 *******************************

QUESTION         : 26 of 26
TITLE            : CAT II, V-214360, SV-214360r961863, SRG-APP-000516-WSR-000174
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:9701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:9701
RULE             : The Apache web server must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
QUESTION_TEXT    : Work with the SIEM administrator to determine if an alert is configured when audit data is no longer received as expected.

If there is no alert configured, this is a finding.

References:
SV-104685
V-94855
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 26 *******************************

