Documentation - V-204743

V-204743

Application Server Security Requirements Guide

CAT II

Title

The application server must adhere to the principles of least functionality by providing only essential capabilities.

Description

<VulnDiscussion>Application servers provide a myriad of differing processes, features and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Application servers must provide the capability to disable or deactivate functionality and services that are deemed to be non-essential to the server mission or can adversely impact server performance, for example, disabling dynamic JSP reloading on production application servers as a ...

Fix Text (Documentation Requirement)

Configure the application server to use only essential features and capabilities.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel