STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240235

CAT II (Medium)

Lighttpd files must be verified for their integrity before being added to a production web server.

Rule ID

SV-240235r879584_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001749

Discussion

Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information. The Lighttpd web server files on vRA must be part of a documented build process. Checksums of the production files must be available to verify their integrity.

Check Content

Obtain supporting documentation from the ISSO.

Determine whether web server files are verified/validated before being implemented into the production environment.

If the web server files are not verified or validated before being implemented into the production environment, this is a finding.

Fix Text

Verify or validate the web server files for integrity before being implemented the production environment.