Documentation - V-223008

V-223008

Apache Tomcat Application Server 9 Security Technical Implementation Guide

CAT III

Title

Connectors must be approved by the ISSO.

Description

<VulnDiscussion>Connectors are how Tomcat receives requests over a network port, passes them to hosted web applications via HTTP or AJP and then sends back the results to the requestor. A port and a protocol are tied to each connector. Only connectors approved by the ISSO must be installed. ISSO review will consist of validating connector protocol as being secure and required in order for the hosted application to operate. The ISSO will ensure that unnecessary or insecure connector protocols are...

Fix Text (Documentation Requirement)

Document and obtain ISSO approval for the Connectors that are configured on the Tomcat server. Retain the information in the SSP and present to the auditor in the event of a CCRI.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel