|
Name |
iPlanet Tomcat V6R1.2 |
|
Version |
Version 6 Release 1.2 |
|
Status |
Under Review |
| Creation
Date |
Unknown |
| Revision
Date |
2007-04 |
| Product
Category |
Web Server |
| Vendor |
iPlanet |
| Product |
iPlanet Tomcat web server |
| Product
Version |
Not Applicable. |
| Product
Role |
Web Server |
|
Checklist
Summary |
This group of checklists covers valuable security-related information for iPlanet Tomcat web servers. It includes procedures to perform a Security Readiness Review (SRR). Security items covered are based on the Web Server Secure Technology Implementation Guide (STIG) published by DISA. However, these checklists have not been updated to meet the requirements of the new STIG as of this version, but will be updated in the future. The reviewer will apply Systems Administration knowledge and have familiarity with web server configurations. UNIX, Linux, and/or Windows server experience is beneficial. Users of this checklist will need to be able to navigate the file systems of these operating environments.
This web server checklist targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or that may lead to the interruption of production operations. The documentation provides procedures for assessing the Tomcat web server product. The document is broken into five sections and appendices. The sections cover the following:
Section 1: A document overview and defines its scope.
Sections 2B and 2D: Check lists covering the areas in sections 3B and 3D.
Sections 3B and 3D: Provides configuration information for encryption, server logs, file permissions, email, banner page, password policies, account management, limiting applications, CGI, PERL, and Java.
|
| Known
Issues |
Not Applicable. |
| Target
Audience |
Developed by DISA for the DOD. This document is intended for those responsible
for the configuration and management of information systems. It assumes that the
reader has knowledge of web servers and is familiar with common computer terminology. |
| Target
Operational Environment |
Enterprise and Specialized Security-Limited Functionality. |
| Checklist
Installation Tools |
Not Applicable. |
| Rollback
Capability |
Not Applicable. |
| Testing
Information |
Not Available. |
| NIAP/CMVP
Status |
Not Available. |
| Regulatory
Compliance |
DOD Directive 8500.2, DOD Directive 8520.2 |
Comments,
Warnings, Disclaimer, Miscellaneous
|
Please refer to the Checklist. |
| Disclaimer |
Not Available. |
| Product
Support |
Only available to DOD customers. |
| Submitting
Organization/Authors |
Defense Information Systems Agency (DISA) |
| Point
of Contact |
Not Available. |
| Sponsor |
Not Available. |
| Licensing |
Not Available. |
| Checklist
Homepage |
http://iase.disa.mil/stigs/checklist/index.html |
| Download
Package |
http://iase.disa.mil/stigs/checklist/Web-SRR-Checklist-IPlanet-Tomcat-V6R1-2.zip |
| Integrity |
Sha1
(Web-SRR-Checklist-IPlanet-Tomcat-V6R1-2.zip) =
d9c4dc5bc465f616718b663083775d0d2ff6ae26
Sha256
(Web-SRR-Checklist-IPlanet-Tomcat-V6R1-2.zip) =
b3f77647d2ff9efb17a6bb15a1d99677fcec1b53e63
5f2fe13380564e14e1601 |
| Change
History |
Version 6, Release 1.2; 2007-04 |
| Dependency/Requirement |
iPlanet Tomcat V6R1.2 |
| References |
The following table enumerates the documents and resources consulted:
DOD Directive 8500.1, Information Assurance (IA). 24 October 2004
DOD Directive 8500.2, Information Assurance (IA). 6 February 2003
DOD Directive 8520.2, Information Assurance (IA). 1 April 2004 |
| NIST
Identifier |
1118 |
