Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
SRG-APP-000015-AS-000010
HTTPS must be enabled for JBoss web interfaces.
HTTPS must be enabled for JBoss web interfaces.
An XCCDF Rule
Details
Profiles
Prose
HTTPS must be enabled for JBoss web interfaces.
Medium Severity
<VulnDiscussion>Encryption is critical for protection of web-based traffic. If encryption is not being used to protect the application server's web connectors, malicious users may gain the ability to read or modify the application traffic while it is in transit over the network. The use of cryptography on web connectors secures web-based traffic and mitigates that risk. HTTPS and Transport Layer Security (TLS) are the means in which cryptographic protections are applied to web connectors. FIPS 140-2 approved TLS versions include TLS V1.2 or greater.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>