6.2 Ensure SSLEnabled is set to True for Sensitive Connectors

Information

The SSLEnabled setting determines if SSL is enabled for a specific Connector. It is recommended that SSL be utilized for any Connector that sends or receives sensitive information, such as authentication credentials or personal information.

Rationale:

The SSLEnabled setting ensures SSL is active, which will in-turn ensure the confidentiality and integrity of sensitive information while in transit.

Solution

In server.xml, set the SSLEnabled attribute to true for each Connector that sends or receives sensitive information

<Connector
...
SSLEnabled='true'
...
/>

Default Value:

SSLEnabled is set to false.

See Also

https://workbench.cisecurity.org/benchmarks/11652

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|IA-5, 800-53|IA-5(1), 800-53|SC-8, 800-53|SC-8(1), CSCv7|14.4

Plugin: Unix

Control ID: 67ec4450094fec0b44438874a3e73f163b72e2efebd7173291d2bc27a5606687