STIGQter: STIG Summary: ArcGIS for Server 10.3 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 26 Jan 2018

The ArcGIS Server must enforce access restrictions associated with changes to application configuration.

DISA Rule

SV-79989r2_rule

Vulnerability Number

V-65499

Group Title

SRG-APP-000380

Rule Version

AGIS-00-000164

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the ArcGIS Server to enforce access restrictions associated with changes to application configuration. Substitute the target environment’s values for [bracketed] variables.

Log on to ArcGIS Server Manager ([https://server.domain.com/arcgis]/manager) (log on when prompted) >> Security >> Roles >> "Administrator" role.

Remove unauthorized personnel from the "Administrator" role.

Check Contents

Review the ArcGIS for Server configuration to ensure that the application enforces access restrictions associated with changes to application configuration. Substitute the target environment’s values for [bracketed] variables.

Log on to ArcGIS Server Manager ([https://server.domain.com/arcgis]/manager) (log on when prompted) >> “Security” >> “Roles” >> “Administrator” role.

Verify that only authorized personnel are listed as members of the “Administrator” role.

If unauthorized personnel are members of the “Administrator” role, this is a finding.

This control is not applicable for ArcGIS Server deployments configured to allow anonymous access.

This control is not applicable for ArcGIS Server deployments which are integrated with and protected by one or more third party DoD compliant certificate authentication solutions.

Vulnerability Number

V-65499

Documentable

False

Rule Version

AGIS-00-000164

Severity Override Guidance

Review the ArcGIS for Server configuration to ensure that the application enforces access restrictions associated with changes to application configuration. Substitute the target environment’s values for [bracketed] variables.

Log on to ArcGIS Server Manager ([https://server.domain.com/arcgis]/manager) (log on when prompted) >> “Security” >> “Roles” >> “Administrator” role.

Verify that only authorized personnel are listed as members of the “Administrator” role.

If unauthorized personnel are members of the “Administrator” role, this is a finding.

This control is not applicable for ArcGIS Server deployments configured to allow anonymous access.

This control is not applicable for ArcGIS Server deployments which are integrated with and protected by one or more third party DoD compliant certificate authentication solutions.

Check Content Reference

M

Target Key

2961
