STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240235

CAT II (Medium)

Lighttpd files must be verified for their integrity before being added to a production web server.

Rule ID

SV-240235r879584_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001749

Discussion

Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information. The Lighttpd web server files on vRA must be part of a documented build process. Checksums of the production files must be available to verify their integrity.

Check Content

Obtain supporting documentation from the ISSO.

Determine whether web server files are verified/validated before being implemented into the production environment.

If the web server files are not verified or validated before being implemented into the production environment, this is a finding.

Fix Text

Verify or validate the web server files for integrity before being implemented the production environment.