STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Splunk Enterprise must display the Standard Mandatory DoD Notice and Consent Banner and accept user acknowledgement before granting access to the application.

DISA Rule

SV-221931r508660_rule

Vulnerability Number

V-221931

Group Title

SRG-APP-000068-AU-000035

Rule Version

SPLK-CL-000035

Severity

CAT III

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

Configure an external SSO proxy service, such as Apache, IIS, F5, SAML, etc., to provide the notification and acknowledgement.

Examples for Apache and F5 are provided as supplemental documentation included in this package.

Check Contents

Verify that the Standard Mandatory DoD Notice and Consent Banner appears and provides for user acknowledgement before being granted access to Splunk Enterprise.

If the Standard Mandatory DoD Notice and Consent Banner is not presented, or the user is not required to acknowledge the notice, this is a finding.

Vulnerability Number

V-221931

Documentable

False

Rule Version

SPLK-CL-000035

Severity Override Guidance

Verify that the Standard Mandatory DoD Notice and Consent Banner appears and provides for user acknowledgement before being granted access to Splunk Enterprise.

If the Standard Mandatory DoD Notice and Consent Banner is not presented, or the user is not required to acknowledge the notice, this is a finding.

Check Content Reference

M

Target Key

4082

Comments