JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
SRG-APP-000014-AS-000009
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
HTTP management session traffic must be encrypted.
Medium Severity
Types of management interfaces utilized by the JBoss EAP application server include web-based HTTP interfaces as well as command line-based management interfaces. In the event remote HTTP management is required, the access must be via HTTPS. This requirement applies in conjunction with the requirement to isolate all management access to a restricted network.