STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The ISEC7 EMM Suite must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.

DISA Rule

SV-224772r505933_rule

Vulnerability Number

V-224772

Group Title

SRG-APP-000439

Rule Version

ISEC-06-002030

Severity

CAT II

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
• CCI-002420 - The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that sslProtocol is set to TLS1.2.

Check Contents

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that sslProtocol is set to TLS1.2.

If the sslProtocol is not set to TLS1.2, this is a finding.

Vulnerability Number

V-224772

Documentable

False

Rule Version

ISEC-06-002030

Severity Override Guidance

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify that sslProtocol is set to TLS1.2.

If the sslProtocol is not set to TLS1.2, this is a finding.

Check Content Reference

M

Target Key

4200

Comments