STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apache Server 2.4 Windows Site Security Technical Implementation Guide

V-214380

CAT II (Medium)

The Apache web server must augment re-creation to a stable and known baseline.

Rule ID

SV-214380r961122_rule

STIG

Apache Server 2.4 Windows Site Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001190

Discussion

Making certain that the web server has not been updated by an unauthorized user is always a concern. Adding patches, functions, and modules that are untested and not part of the baseline opens the possibility for security risks. The web server must offer, and not hinder, a method that allows for the quick and easy reinstallation of a verified and patched baseline to guarantee the production web server is up-to-date and has not been modified to add functionality or expose security risks. When the web server does not offer a method to roll back to a clean baseline, external methods, such as a baseline snapshot or virtualizing the web server, can be used.

Check Content

Interview the System Administrator for the Apache web server.

Ask for documentation on the disaster recovery methods tested and planned for the Apache web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Fix Text

Prepare documentation for disaster recovery methods for the Apache web server in the event of the necessity for rollback.

Document and test the disaster recovery methods designed.