Documentation - V-206439

V-206439

Web Server Security Requirements Guide

CAT II

Title

A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.

Description

<VulnDiscussion>Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled and non-FIPS-approved SSL versions must be disabled. NIST SP 800-52 defines the approved TLS versions for government applications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentab...

Fix Text (Documentation Requirement)

Configure the web server to use an approved TLS version according to NIST SP 800-52 and to disable all non-approved versions.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel