ISO 27001:2022 A.8.20
Networks security
UnveilScan findings mapped to this control
The scanner emits 2 distinct findings on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).
web.http_no_https_redirect
⏱ 15 min
WEB — HTTP no HTTPS redirect
Risk if ignored: Every first visit over http:// is a plaintext page hand-off. SSLStrip or any other active on-path attacker can silently downgrade the user, and cookies set during that visit are exposed. HSTS only helps from the second visit onward.
security
web.http_redirect_to_http
⏱ 30 min
WEB — HTTP redirect to HTTP
Risk if ignored: The redirect chain walks through another HTTP hop before reaching HTTPS, so the entire chain is observable and mutable by an on-path attacker.
security