If cipher suites using pre-shared keys are used for device authentication, the ISEC7 EMM Suite must have a minimum security strength of 112 bits or higher, must only be used in networks where both the client and server are Government systems, must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0 and must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithm for transmission.
DISA Rule
SV-106515r1_rule
Vulnerability Number
V-97411
Group Title
SRG-APP-000585
Rule Version
ISEC-06-002620
Severity
CAT II
CCI(s)
- CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.
- CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.
- CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
Weight
10
Fix Recommendation
Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that sslProtocol is set to TLS1.2.
Check Contents
Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that sslProtocol is set to TLS1.2.
If the sslProtocol is not set to TLS1.2, this is a finding.
Vulnerability Number
V-97411
Documentable
False
Rule Version
ISEC-06-002620
Severity Override Guidance
Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that sslProtocol is set to TLS1.2.
If the sslProtocol is not set to TLS1.2, this is a finding.
Check Content Reference
M
Target Key
3503
Comments