NIST SP 800-44 Guidelines on Securing Public Web Servers

NIST 800-44 v2 Guidelines on Securing Public Web Servers is a set of recommendations from the National Institute of Standards and Technology. The purpose of the Guidelines on Securing Public Web Servers is to recommend security practices for designing, implementing, and operating publicly accessible Web servers, including related network infrastructure issues. Some Federal organizations might need to go beyond these recommendations or adapt them in other ways to meet their unique requirements. While intended as recommendations for Federal departments and agencies, it may be used in the private sector on a voluntary basis. This document may be used by organizations interested in enhancing security on existing and future Web server systems to reduce the number and frequency of Web-related security incidents. This document presents generic principles that apply to all systems. This guideline does not cover the following aspects relating to securing a Web server: Securing other types of network servers Firewalls and routers used to protect Web servers beyond a basic discussion in Section 8 Security considerations related to Web client (browser) software Special considerations for high-traffic Web sites with multiple hosts5 Securing back-end servers that may support the Web server (e.g., database servers, file servers) Disclaimer This hardcopy is not published by National Institute of Standards and Technology (NIST), the US Government or US Department of Commerce. The publication of this document should not in any way imply any relationship or affiliation to the above named organizations and Government.