STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

V-284928

CAT II (Medium)

The Cisco SNA appliance must be configured to use HTTP/2 at a minimum.

Rule ID

SV-284928r1212129_rule

STIG

Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366CCI-002418CCI-001310

Discussion

HTTP/2, like HTTPS, enhances security compared to HTTP/1.x by minimizing the risk of header-based attacks (e.g., header injection and manipulation). Websites that fully use HTTP/2 are inherently protected and defend against smuggling attacks. HTTP/2 provides the method for specifying the length of a request, which removes any potential for ambiguity that can be leveraged by an attacker. This is applicable to all web architectures such as load balancing/proxy use cases. - The front-end and back-end servers should both be configured to use HTTP/2. - HTTP/2 must be used for communications between web servers. - Browser vendors have agreed to only support HTTP/2 only in HTTPS mode; thus, TLS must be configured to meet this requirement. TLS configuration is out of scope for this requirement.

Check Content

Verify HTTP/1.x downgrading is disabled.

Navigate to Sysadmin Console >> Network >> HTTP Version >> Select >> Yes to Warning >> OK.

If the message displayed states "There are no changes to HTTP/2 settings.", then HTTP/1.x has been disabled.

If the HTTP/1.x downgrading is enabled, this is a finding.

Fix Text

Configure the Cisco SNA Appliance to use HTTP/2.

Navigate to Sysadmin Console >> Network >> HTTP Version >> Select >> Yes to Warning >> OK.