SV-79999r2_rule
V-65509
SRG-APP-000391
AGIS-00-000171
CAT II
10
Configure ArcGIS for Server to accept Personal Identity Verification (PIV) credentials. Substitute the target environment’s values for [bracketed] variables.
Enable Active Directory Client Certificate Authentication "To map client certificates by using Active Directory mapping."
Review the ArcGIS for Server configuration to ensure that the application accepts Personal Identity Verification (PIV) credentials. Substitute the target environment’s values for [bracketed] variables.
Within IIS >> within the [“arcgis”] application >> Authentication >> Verify that “Windows Authentication” is “Enabled”.
Verify that “Anonymous Authentication” is “Disabled”.
If “Windows Authentication” is not enabled, or “Anonymous Authentication” is enabled, this is a finding.
Within IIS >> within the [“arcgis”] application >> SSL Settings >> Verify the setting “Client Certificates:” is set to “Accept” or “Require”
If “Client Certificates:” is set to “Ignore” this is a finding.
This control is not applicable for ArcGIS Server deployments configured to allow anonymous access.
This control is not applicable for ArcGIS Server deployments which are integrated with and protected by one or more third party DoD compliant certificate authentication solutions.
V-65509
False
AGIS-00-000171
Review the ArcGIS for Server configuration to ensure that the application accepts Personal Identity Verification (PIV) credentials. Substitute the target environment’s values for [bracketed] variables.
Within IIS >> within the [“arcgis”] application >> Authentication >> Verify that “Windows Authentication” is “Enabled”.
Verify that “Anonymous Authentication” is “Disabled”.
If “Windows Authentication” is not enabled, or “Anonymous Authentication” is enabled, this is a finding.
Within IIS >> within the [“arcgis”] application >> SSL Settings >> Verify the setting “Client Certificates:” is set to “Accept” or “Require”
If “Client Certificates:” is set to “Ignore” this is a finding.
This control is not applicable for ArcGIS Server deployments configured to allow anonymous access.
This control is not applicable for ArcGIS Server deployments which are integrated with and protected by one or more third party DoD compliant certificate authentication solutions.
M
2961