SV-106509r1_rule
V-97405
SRG-APP-000635
ISEC-06-002700
CAT II
10
Login to the ISEC7 EMM Suite Monitor server.
Browse to the Java Install\Lib\Security.
Edit the Java.Security file.
Add the following entries in bold to the Java.Security file:
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider JsafeJCE
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
com.rsa.cryptoj.jce.kat.strategy=on.load
com.rsa.cryptoj.jce.fips140initialmode=FIPS140_SSL
Log in to the ISEC7 EMM Console.
Confirm that the browser session is secured using a DoD issued certificate.
Alternately, Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Identify which type of Keystore is being used.
Windows MY:
Open the Microsoft Management Console.
Add the Certificates Snap-In for the ISEC7 Service Account.
Navigate to the Personal Certificates Store.
Verify the certificate is issued by a DoD Trusted Certificate Authority.
JavaKeystore PKCS12:
Using a Keystore browser such as Portecle, open the ISEC7 EMM Suite keystore.
Enter the Keystore password when prompted.
Open the installed certificate and verify it was issued by a DoD Trusted Certificate Authority.
If certificates used by the server are not DoD issued certificates, this is a finding.
V-97405
False
ISEC-06-002700
Log in to the ISEC7 EMM Console.
Confirm that the browser session is secured using a DoD issued certificate.
Alternately, Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Identify which type of Keystore is being used.
Windows MY:
Open the Microsoft Management Console.
Add the Certificates Snap-In for the ISEC7 Service Account.
Navigate to the Personal Certificates Store.
Verify the certificate is issued by a DoD Trusted Certificate Authority.
JavaKeystore PKCS12:
Using a Keystore browser such as Portecle, open the ISEC7 EMM Suite keystore.
Enter the Keystore password when prompted.
Open the installed certificate and verify it was issued by a DoD Trusted Certificate Authority.
If certificates used by the server are not DoD issued certificates, this is a finding.
M
3503