Tomcat users in a management role must be approved by the ISSO.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>Deploying applications to Tomcat requires a Tomcat user account that is in the "manager-script" role. Any user accounts in a Tomcat management role must be approved by the ISSO.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223006r879887_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Document the users and the roles that have been defined for use with the Tomcat server.

Ensure that all users and roles with access to Tomcat management features and capabilities are approved by the ISSO.

Tomcat users in a management role must be approved by the ISSO.

Description

Remediation - Manual Procedure