STIGQter: STIG Summary: ISEC7 EMM Suite v6.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019:

The ISEC7 EMM Suite must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

DISA Rule

SV-106491r1_rule

Vulnerability Number

V-97387

Group Title

SRG-APP-000014

Rule Version

ISEC-06-000060

Severity

CAT II

CCI(s)

CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

Fix Recommendation

Login to the EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Using the dropdown menu for sslProtocol, select TLSv1.2.
Click Update.
Restart the ISEC7 EMM Suite Web service.

Check Contents

Login to the EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify sslProtocol is set to TLSv1.2.

If the sslProtocol is not set to TLSv1.2, this is a finding.

Vulnerability Number

V-97387

Documentable

False

Rule Version

ISEC-06-000060

Severity Override Guidance

Login to the EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify sslProtocol is set to TLSv1.2.

If the sslProtocol is not set to TLSv1.2, this is a finding.

Check Content Reference

Target Key

3503

The ISEC7 EMM Suite must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments