STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The ISEC7 EMM Suite must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

DISA Rule

SV-224762r505933_rule

Vulnerability Number

V-224762

Group Title

SRG-APP-000014

Rule Version

ISEC-06-000060

Severity

CAT II

CCI(s)

CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

Fix Recommendation

Login to the EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Using the dropdown menu for sslProtocol, select TLSv1.2.
Click Update.
Restart the ISEC7 EMM Suite Web service.

Check Contents

Login to the EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify sslProtocol is set to TLSv1.2.

If the sslProtocol is not set to TLSv1.2, this is a finding.

Vulnerability Number

V-224762

Documentable

False

Rule Version

ISEC-06-000060

Severity Override Guidance

Login to the EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify sslProtocol is set to TLSv1.2.

If the sslProtocol is not set to TLSv1.2, this is a finding.

Check Content Reference

Target Key

4200

The ISEC7 EMM Suite must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments