{"id":19260874,"url":"https://github.com/mitre/apache-tomcat-9.x-stig-baseline","last_synced_at":"2026-03-04T11:03:37.076Z","repository":{"id":146197972,"uuid":"574644552","full_name":"mitre/apache-tomcat-9.x-stig-baseline","owner":"mitre","description":"InSpec profile for Apache Tomcat 9.x STIG","archived":false,"fork":false,"pushed_at":"2025-10-15T20:16:17.000Z","size":235,"stargazers_count":2,"open_issues_count":1,"forks_count":4,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-10-16T20:00:49.514Z","etag":null,"topics":["inspec","mitre-corporation","mitre-saf","security-automation"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mitre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-05T19:04:44.000Z","updated_at":"2025-10-15T20:16:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"e4b17b98-f530-451f-b770-8fc97d7069a6","html_url":"https://github.com/mitre/apache-tomcat-9.x-stig-baseline","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mitre/apache-tomcat-9.x-stig-baseline","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fapache-tomcat-9.x-stig-baseline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fapache-tomcat-9.x-stig-baseline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fapache-tomcat-9.x-stig-baseline/releases","manifests_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/mitre%2Fapache-tomcat-9.x-stig-baseline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mitre","download_url":"https://codeload.github.com/mitre/apache-tomcat-9.x-stig-baseline/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fapache-tomcat-9.x-stig-baseline/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30078420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T08:01:56.766Z","status":"ssl_error","status_checked_at":"2026-03-04T08:00:42.919Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["inspec","mitre-corporation","mitre-saf","security-automation"],"created_at":"2024-11-09T19:23:15.261Z","updated_at":"2026-03-04T11:03:37.044Z","avatar_url":"https://github.com/mitre.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Apache Tomcat STIG Automated Compliance Validation Profile\n\nInSpec profile to validate the secure configuration of Apache Tomcat against DISA's Apache Tomcat 9.X Security Technical Implementation Guide (STIG) Version 2 Release 1.\n\n## Apache Tomcat STIG Overview\n\nThe \u003cb\u003eApache Tomcat\u003c/b\u003e STIG (https://public.cyber.mil/stigs/) by the United States Defense 
Information Systems Agency (DISA) offers a comprehensive compliance guide for the configuration and operation of various technologies.\nDISA has created and maintains a set of security guidelines for applications, computer systems or networks connected to the DoD. These guidelines are the primary security standards used by many DoD agencies. In addition to defining security guidelines, the STIG also stipulates how security training should proceed and when security checks should occur. Organizations must stay compliant with these guidelines or they risk having their access to the DoD terminated.\n\n[STIG](https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide)s are the configuration standards for United States Department of Defense (DoD) Information Assurance (IA) and IA-enabled devices/systems published by the United States Defense Information Systems Agency (DISA). Since 1998, DISA has played a critical role enhancing the security posture of DoD's security systems by providing the STIGs. 
The STIGs contain technical guidance to \"lock down\" information systems/software that might otherwise be vulnerable to a malicious computer attack.\n\nThe requirements associated with the \u003cb\u003eApache Tomcat\u003c/b\u003e STIG are derived from the [National Institute of Standards and Technology](https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology) (NIST) [Special Publication (SP) 800-53, Revision 4](https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53) and related documents.\n\nWhile the Apache Tomcat STIG automation profile check was developed to provide technical guidance to validate information with security systems such as applications, the guidance applies to all organizations that need to meet internal security as well as compliance standards.\n\n## Getting Started\n\n### Requirements\n\n#### Apache Tomcat  \n- Apache Tomcat Server\n- Access to the Apache Tomcat Application Server\n- Account providing appropriate permissions to perform audit scan\n\n\n#### Required software on Apache Tomcat Application Server\n- git\n- [InSpec](https://www.chef.io/products/chef-inspec/)\n\n### Setup Environment on Apache Tomcat Application Server \n#### Install InSpec\nGo to https://www.inspec.io/downloads/ and consult the documentation for your Operating System to download and install InSpec.\n\n#### Ensure InSpec version is at least 4.23.10 \n```sh\ninspec --version\n```\n\n### How to execute this instance  \n(See: https://www.inspec.io/docs/reference/cli/)\n\n#### Execute a single Control in the Profile \n**Note**: Replace the profile's directory name - e.g. 
- `\u003cProfile\u003e` with `.` if currently in the profile's root directory.\n```sh\ninspec exec \u003cProfile\u003e/controls/V-222926.rb --show-progress\n```\nor use the `--controls` flag to run a subset of controls by control ID\n```sh\ninspec exec \u003cProfile\u003e --controls=V-222926 --show-progress\n```\n\n#### Execute a Single Control and save results as JSON \n```sh\ninspec exec \u003cProfile\u003e --controls=V-222926 --show-progress --reporter json:results.json\n```\n\n#### Execute All Controls in the Profile \n```sh\ninspec exec \u003cProfile\u003e --show-progress\n```\n\n#### Execute all the Controls in the Profile and save results as JSON \n```sh\ninspec exec \u003cProfile\u003e --show-progress --reporter json:results.json\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmitre%2Fapache-tomcat-9.x-stig-baseline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmitre%2Fapache-tomcat-9.x-stig-baseline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmitre%2Fapache-tomcat-9.x-stig-baseline/lists"}