STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to ISEC7 Sphere Security Technical Implementation Guide

V-224782

CAT II (Medium)

LockOutRealm must not be removed from Apache Tomcat.

Rule ID

SV-224782r1013858_rule

STIG

ISEC7 Sphere Security Technical Implementation Guide

Version

V3R1

CCIs

CCI-001762

Discussion

LockOutRealm prevents brute force attacks against user passwords. Removal of unneeded or nonsecure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or nonsecure.

Check Content

Log in to the ISEC7 SPHERE server.
Navigate to <Drive>:\Program Files\Isec7 SPHERE\Tomcat\Config
Open the server.xml file with Notepad.
Select Edit >> Find and search for LockOutRealm.
Confirm the following line is in the server.xml file:

<Realm className="org.apache.catalina.realm.LockOutRealm">

If it is not found or has been commented out, this is a finding.

If the LockOutRealm has been removed and cannot be used, this is a finding.

Fix Text

Log in to the ISEC7 SPHERE server.
Navigate to <Drive>:\Program Files\Isec7 SPHERE\Tomcat\Config
Open the server.xml file with Notepad.
Select Edit >> Find and search for LockOutRealm.
Add the following line is in the server.xml file:

<Realm className="org.apache.catalina.realm.LockOutRealm">

Restart the ISEC7 SPHERE Web service in the services.msc.