This document, Security Configuration Benchmark for Apache Tomcat 7.0, provides prescriptive guidance for establishing a secure configuration posture for Apache Tomcat versions 7.0 running on Linux.
This document is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Apache Tomcat on a Linux platform.
This guide was tested against Apache Tomcat 7.0 as installed by tar packages provided by Apache.
5/4/2016 - updated to FINAL
moved to FINAL - 6/7/2016
updated URLs - 8/13/19
NIST checklist record last modified on 08/13/2019