STIGhub

Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide

Archived

Version: V2R3
Release Date: Nov 20, 2025
SCAP Benchmark ID: RH_Ansible_Automation_Controller_Web_Server_STIG
Total Checks: 28
Tags: web
CAT I: 2 | CAT II: 25 | CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (28)

  • V-256940 (MEDIUM): The Automation Controller web server must manage sessions.
  • V-256941 (MEDIUM): The Automation Controller servers must use encrypted communication for all channels given the high impact of those services to an organization's infrastructure.
  • V-256942 (MEDIUM): The Automation Controller NGINX web server must use cryptography on all remote connections.
  • V-256943 (MEDIUM): The Automation Controller must generate the appropriate log records.
  • V-256944 (HIGH): All Automation Controller NGINX front-end web server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.
  • V-256945 (MEDIUM): Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Automation Controller NGINX front-end web server.
  • V-256946 (MEDIUM): All Automation Controller NGINX front-end web servers must not perform user management for hosted applications.
  • V-256947 (MEDIUM): All Automation Controller NGINX web servers must not be a proxy server for any process other than the Automation Controller application.
  • V-256948 (MEDIUM): All Automation Controller NGINX webserver accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.
  • V-256949 (MEDIUM): All Automation Controller NGINX web servers must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
  • V-256950 (MEDIUM): All Automation Controller NGINX web servers must have Web Distributed Authoring (WebDAV) disabled.
  • V-256951 (LOW): All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.
  • V-256952 (MEDIUM): All Automation Controller NGINX web servers must be configured to use a specified IP address and port.
  • V-256953 (MEDIUM): Only authenticated system administrators or the designated PKI Sponsor for an Automation Controller NGINX web server must have access to any Automation Controller NGINX web server's private key.
  • V-256954 (MEDIUM): All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
  • V-256955 (MEDIUM): Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
  • V-256956 (MEDIUM): The Automation Controller NGINX web server document directory must be in a separate partition from the web server's system files.
  • V-256957 (MEDIUM): The Automation Controller NGINX web server must limit the character set used for data entry.
  • V-256958 (MEDIUM): The Automation Controller NGINX web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
  • V-256959 (MEDIUM): Debugging and trace information, within Automation Controller NGINX web server, used to diagnose the web server must be disabled.
  • V-256960 (MEDIUM): Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.
  • V-256961 (MEDIUM): The Automation Controller NGINX web server application, libraries, and configuration files must only be accessible to privileged users.
  • V-256962 (MEDIUM): The Automation Controller NGINX web server must be protected from being stopped by a nonprivileged user.
  • V-256963 (HIGH): The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
  • V-256964 (MEDIUM): Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
  • V-256965 (MEDIUM): The Automation Controller NGINX web servers must maintain the confidentiality and integrity of information during preparation for transmission.
  • V-256966 (MEDIUM): Automation Controller NGINX web servers must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
  • V-256967 (MEDIUM): All accounts installed with the Automation Controller NGINX web server's software and tools must have passwords assigned and default passwords changed.