All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256951 | APWS-AT-000350 | SV-256951r960963_rule | CCI-000381 | low |
| Description | ||||
| Automation Controller NGINX web servers may host too many applications. Each application will need certain system resources and privileged operations to operate correctly. The Automation Controller NGINX web servers must be configured to contain and control the applications and protect the system resources and privileged operations from those not needed by the application for operation. Not limiting the application will exacerbate the potential harm a compromised application could cause to a system. | ||||
| STIG | Date | |||
| Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide | 2024-08-27 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-256951r960963_chk)
As a system administrator for each Automation Controller NGINX web server host, check if SELinux is enabled in enforcing mode:
getenforce | grep Enforcing >/dev/null || echo FAILED
If "FAILED" is displayed, this is a finding.
Fix Text (F-60568r902366_fix)
As a system administrator for each Automation Controller NGINX web server host, place the server in SELinux enforcing mode:
setenforce 1