STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

V-221302

CAT II (Medium)

Non-privileged accounts on the hosting system must only access OHS security-relevant information and functions through a distinct administrative account.

Rule ID

SV-221302r961353_rule

STIG

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002235

Discussion

By separating web server security functions from non-privileged users, roles can be developed that can then be used to administer the web server. Forcing users to change from a non-privileged account to a privileged account when operating on the web server or on security-relevant information forces users to only operate as a web server administrator when necessary. Operating in this manner allows for better logging of changes and better forensic information and limits accidental changes to the web server.

Check Content

1. Check that sudo is properly configured for the account owning the OHS software.

2. If accounts other than the account that owns the OHS software can access the OHS software, this is a finding.

Fix Text

1. Configure sudo such that only the account that owns the OHS software can access it from the hosting system.