8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS

Information

Configure SSL Inbound Inspection for all untrusted traffic destined for servers using SSL or TLS.
Rationale:
Without SSL Inbound Inspection, the firewall is not able to protect SSL or TLS-enabled webservers against many threats.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Navigate to Policies > Decryption.
Set SSL Inbound Inspection appropriately for all untrusted traffic destined for servers using SSL or TLS.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SC-7, 800-53|SI-4, CSCv6|12, CSCv6|12.5, CSCv7|12, CSCv7|12.9, CSCv7|12.10

Plugin: Palo_Alto

Control ID: 06778297b6b07fc6b47239a0b56d33db130b875831ba36b829b3c3f47c7bcaa0