STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to ISEC7 Sphere Security Technical Implementation Guide

V-224781

CAT II (Medium)

All Web applications included with Apache Tomcat that are not required must be removed.

Rule ID

SV-224781r1013855_rule

STIG

ISEC7 Sphere Security Technical Implementation Guide

Version

V3R1

CCIs

CCI-001762

Discussion

Removal of unneeded or nonsecure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or nonsecure.

Check Content

Verify CATALINA_HOME/webapps Tomcat administrative tool has been configured to remove all Web applications that are not required.

Log in to the ISEC7 SPHERE server.
Browse to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\webapps\
Confirm all folders in the directory with the exception of Manager and Host-Manager have been removed.

If the CATALINA_HOME/webapps Tomcat administrative tool has not been configured to remove all Web applications that are not required, this is a finding.

Fix Text

To configure the CATALINA_HOME/webapps Tomcat administrative tool to remove all Web applications that are not required, run the ISEC7 integrated installer or use the following manual procedure: 

Log in to the ISEC7 SPHERE server.
Browse to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\webapps\
Remove all folders in the directory with the exception of Manager and Host-Manager.