Securing Apache Tomcat

An objective, consensus-driven security guideline for the Apache Tomcat Server Software.

A step-by-step checklist to secure Apache Tomcat:

Download Latest CIS Benchmark Free to Everyone
For Apache Tomcat 1.2.0 (CIS Apache Tomcat 9 Benchmark version 1.2.0)

CIS has worked with the community since 2009 to publish a benchmark for Apache Tomcat.

Other CIS Benchmark versions:

For Apache Tomcat (CIS Apache Tomcat 10 Benchmark version 1.0.0)
Complete CIS Benchmark Archive

CIS Covers Other Server Technologies

See the full list