Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
All Web applications included with Apache Tomcat that are not required must be removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-224781 | ISEC-06-550200 | SV-224781r505933_rule | Medium |
| Description |
|---|
| Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure. |
| STIG | Date |
|---|---|
| ISEC7 Sphere Security Technical Implementation Guide | 2020-09-04 |
Details
| Check Text ( C-26472r461599_chk ) |
|---|
| Verify CATALINA_HOME/webapps Tomcat administrative tool has been configured to remove all Web applications that are not required. Log in to the ISEC7 EMM Suite server. Browse to Confirm all folders in the directory with the exception of Manager and Host-Manager have been removed. If the CATALINA_HOME/webapps Tomcat administrative tool has not been configured to remove all Web applications that are not required, this is a finding. |
| Fix Text (F-26460r461600_fix) |
|---|
| To configure the CATALINA_HOME/webapps Tomcat administrative tool to remove all Web applications that are not required, run the ISEC7 integrated installer or use the following manual procedure: Login to the ISEC7 EMM Suite server. Browse to Remove all folders in the directory with the exception of Manager and Host-Manager. |