STIGQter STIGQter: STIG Summary: ISEC7 EMM Suite v6.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019:

The Manager Web app password must be configured as follows: -15 or more characters -at least one lower case letter -at least one upper case letter -at least one number -at least one special character

DISA Rule

SV-106519r1_rule

Vulnerability Number

V-97415

Group Title

SRG-APP-000164

Rule Version

ISEC-06-550700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To set a strong password on the Manager Web app, run the ISEC7 integrated installer or use the following manual procedure:

Login to the ISEC7 EMM Suite server.
Browse to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf and open Tomcat-Users.xml
Open the Command Prompt and CD to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\bin
Execute the following using 'sha' command:

digest –a sha password*

*where password is the 15 character password designated for the account

Copy the output, which is the hashed digest password.
In Tomcat-Users.xml, add in the password for the user with the obfuscated output at <user password="**", where ** is the obfuscated password.

example: <user password="310c55aa3d5b42217e7f0e80ce30467d$100000$529cceb1fbc80f4f461fc1bd56219d79d9c94d4a8fc46abad0646f27e753ff9e" roles="manager-gui,manager-script" username="admin"/>

Save the file.
Open <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\server.xml with Notepad.exe
Enter: <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" digest=”sha”/>
Save the file.
Restart the ISEC7 EMM Suite Web service using the services.msc

Note: the password must meet the following complexity requirements:
-15 or more characters
-at least one lower case letter
-at least one upper case letter
-at least one number
-at least one special character

Check Contents

Verify the Manager Web app password has been configured as follows:
-15 or more characters
-at least one lower case letter
-at least one upper case letter
-at least one number
-at least one special character

Login to the ISEC7 EMM Suite server.
Open a Web browser and go to https://localhost/manager/html
Login with the custom administrator login and password. Verify password entered meets complexity requirements.

If the Manager Web app password has not been configured as required, this is a finding.

Vulnerability Number

V-97415

Documentable

False

Rule Version

ISEC-06-550700

Severity Override Guidance

Verify the Manager Web app password has been configured as follows:
-15 or more characters
-at least one lower case letter
-at least one upper case letter
-at least one number
-at least one special character

Login to the ISEC7 EMM Suite server.
Open a Web browser and go to https://localhost/manager/html
Login with the custom administrator login and password. Verify password entered meets complexity requirements.

If the Manager Web app password has not been configured as required, this is a finding.

Check Content Reference

M

Target Key

3503

Comments