IT:AD:TACTICAL

* Tag: “Security/Transport/SSL” * Action: “Improve Security by ensuring all communication between tiers is protected by SSL.” * Classification: “Security. Tamperability” * Test: “Access to the system via http should not be allowed” * Information: (Rational/Reources/References/Recommendations) * Context/Exceptions: “Applicable to server components providing web pages and APIs accessible via HTTP”. * Allowances: “Requests via HTTP can be 302 redirected to the same url, with an HTTPS protocol.”

It's good – but note that the acronym has the following issues: * Which one should be the Name: Tag, or Action? * Classification would be better if it could be before Action