Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft SCOM Security Technical Implementation Guide
SRG-APP-000412-NDM-000331
The SCOM Web Console must be configured for HTTPS.
The SCOM Web Console must be configured for HTTPS.
An XCCDF Rule
Details
Profiles
Prose
The SCOM Web Console must be configured for HTTPS.
High Severity
<VulnDiscussion>HTTP sessions are sent in clear text and can allow a man in the middle to recon the environment. The web console itself does not allow for administrative actions, so most of the risk associated with http authentication is inherently mitigated. However, this would allow an attacker to intercept SCOM web-console traffic for reconnaissance purposes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>