STIGQter: STIG Summary: ArcGIS for Server 10.3 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 26 Jan 2018:

The ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.

DISA Rule

SV-79883r1_rule

Vulnerability Number

V-65393

Group Title

SRG-APP-000089

Rule Version

AGIS-00-000026

Severity

CAT I

CCI(s)

• CCI-000067 - The information system monitors remote access methods.
• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.
• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.
• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.
• CCI-000134 - The information system generates audit records containing information that establishes the outcome of the event.
• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
• CCI-001403 - The information system automatically audits account modification actions.
• CCI-001404 - The information system automatically audits account disabling actions.
• CCI-001405 - The information system automatically audits account removal actions.
• CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.
• CCI-001665 - The information system preserves organization-defined system state information in the event of a system failure.
• CCI-001814 - The Information system supports auditing of the enforcement actions.
• CCI-002130 - The information system automatically audits account enabling actions.
• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

Configure the ArcGIS Server to ensure mechanisms for providing audit record generation capability for DoD-defined auditable events within application components are provided. Substitute the target environment’s values for [bracketed] variables.

Open "ArcGIS Server Manager" ([https://server.domain.com/arcgis]/manager) (log on when prompted).

Navigate to the "Logs" tab. Open "Settings". Change the "Log Level" value to "VERBOSE", then click "Save".

Check Contents

Review the ArcGIS Server configuration to ensure mechanisms for providing audit record generation capability for DoD-defined auditable events within application components are provided. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/logs/settings (log on when prompted).

Verify the "Log Level" value is set to "VERBOSE".

If this value is set to any value other than "VERBOSE", this is a finding.

Vulnerability Number

V-65393

Documentable

False

Rule Version

AGIS-00-000026

Severity Override Guidance

Review the ArcGIS Server configuration to ensure mechanisms for providing audit record generation capability for DoD-defined auditable events within application components are provided. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/logs/settings (log on when prompted).

Verify the "Log Level" value is set to "VERBOSE".

If this value is set to any value other than "VERBOSE", this is a finding.

Check Content Reference

M

Target Key

2961

Comments