Tomcat users in a management role must be approved by the ISSO.
An XCCDF Rule
Description
Deploying applications to Tomcat requires a Tomcat user account that is in the "manager-script" role. Any user accounts in a Tomcat management role must be approved by the ISSO.
- ID
- SV-223006r961863_rule
- Version
- TCAT-AS-001700
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Document the users and the roles that have been defined for use with the Tomcat server.
Ensure that all users and roles with access to Tomcat management features and capabilities are approved by the ISSO.