STIGQter: STIG Summary: ISEC7 EMM Suite v6.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019:

The ISEC7 EMM Suite must accept Personal Identity Verification (PIV) credentials.

DISA Rule

SV-106501r1_rule

Vulnerability Number

V-97397

Group Title

SRG-APP-000391

Rule Version

ISEC-06-001730

Severity

CAT III

CCI(s)

• CCI-001953 - The information system accepts Personal Identity Verification (PIV) credentials.

Weight

10

Fix Recommendation

Log in to the ISEC7 EMM Console.

Navigate to Administration >> Configuration >> Settings.
Check the CAC login box.
On the ISEC7 EMM Suite server, browse to the install directory.
Default is %Install Drive%/Program Files/ISEC7 EMM Suite.
Select the conf folder.
Open config.properties and add the following lines:

cacUserUIDRegex=^CN=[^0-9]*\\.([0-9]+),
cacUserUIDProperty=UserPrincipalName

Browse to %Install Drive%/Program Files >> ISEC7 EMM Suite >> Tomcat >> conf
Open the server.xml file and add clientAuth="required" under the Connection.

Check Contents

Log in to the ISEC7 EMM Console.

Navigate to Administration >> Configuration >> Settings.

Verify the CAC login box has been checked.

On the ISEC7 EMM Suite server, browse to the install directory.
Default is %Install Drive%/Program Files/ISEC7 EMM Suite
Select the conf folder.
Open config.properties and confirm the following lines exist:

cacUserUIDRegex=^CN=[^0-9]*\\.([0-9]+),
cacUserUIDProperty=UserPrincipalName

Browse to %Install Drive%/Program Files >> ISEC7 EMM Suite >> Tomcat >> conf
Confirm the server.xml file has clientAuth="required" under the Connection.

If the required commends do not exist in config.properties or if clientAuth does not ="required" in the server.xml file, this is a finding.

Vulnerability Number

V-97397

Documentable

False

Rule Version

ISEC-06-001730

Severity Override Guidance

Log in to the ISEC7 EMM Console.

Navigate to Administration >> Configuration >> Settings.

Verify the CAC login box has been checked.

On the ISEC7 EMM Suite server, browse to the install directory.
Default is %Install Drive%/Program Files/ISEC7 EMM Suite
Select the conf folder.
Open config.properties and confirm the following lines exist:

cacUserUIDRegex=^CN=[^0-9]*\\.([0-9]+),
cacUserUIDProperty=UserPrincipalName

Browse to %Install Drive%/Program Files >> ISEC7 EMM Suite >> Tomcat >> conf
Confirm the server.xml file has clientAuth="required" under the Connection.

If the required commends do not exist in config.properties or if clientAuth does not ="required" in the server.xml file, this is a finding.

Check Content Reference

M

Target Key

3503

Comments