The web server must augment re-creation to a stable and known baseline.

From Web Server Security Requirements Guide

Associated with: CCI-001190

SV-70283r2_rule The web server must augment re-creation to a stable and known baseline.

Vulnerability discussion

Making certain that the web server has not been updated by an unauthorized user is always a concern. Adding patches, functions, and modules that are untested and not part of the baseline opens the possibility for security risks. The web server must offer, and not hinder, a method that allows for the quick and easy reinstallation of a verified and patched baseline to guarantee the production web server is up-to-date and has not been modified to add functionality or expose security risks.When the web server does not offer a method to roll back to a clean baseline, external methods, such as a baseline snapshot or virtualizing the web server, can be used.

Check content

Review the web server documentation and deployed configuration to determine if the web server offers the capability to reinstall from a known state. If the web server does not offer this capability, determine if the web server, in any manner, prohibits the reinstallation of a known state. If the web server does prohibit the reinstallation to a known state, this is a finding.

Fix text

Configure the web server to augment and not hinder the reinstallation of a known and stable baseline.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.