STIGQter: STIG Summary: ArcGIS for Server 10.3 Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 26 Jan 2018

The ArcGIS Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-79905r1_rule

Vulnerability Number

V-65415

Group Title

SRG-APP-000142

Rule Version

AGIS-00-000055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the ArcGIS Server to ensure the application prohibits or restricts the use of PPSM CAL defined ports, protocols, and/or services. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/security/config (log on when prompted).

Browse to Update. Update the Protocol parameter to "HTTPS Only".

Click "Save"/"Apply".

Check Contents

Review the ArcGIS Server configuration to ensure the application prohibits or restricts the use of PPSM CAL defined ports, protocols, and/or services. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/security/config (log on when prompted).

Verify the "Protocol" parameter is not set to "HTTP Only".

If the "Protocol" parameter is set to "HTTP Only", this is a finding.

Documentable

False

Severity Override Guidance

Review the ArcGIS Server configuration to ensure the application prohibits or restricts the use of PPSM CAL defined ports, protocols, and/or services. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/security/config (log on when prompted).

Verify the "Protocol" parameter is not set to "HTTP Only".

If the "Protocol" parameter is set to "HTTP Only", this is a finding.

Check Content Reference

M

Target Key

2961