| Checked | Name | Title |
|---|
| ☐ | SV-79809r2_rule | The ArcGIS Server must protect the integrity of remote access sessions by enabling HTTPS with DoD-approved certificates. |
| ☐ | SV-79813r2_rule | The ArcGIS Server must use Windows authentication for supporting account management functions. |
| ☐ | SV-79875r2_rule | The ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
| ☐ | SV-79883r1_rule | The ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components. |
| ☐ | SV-79897r1_rule | The ArcGIS Server must protect audit information from any type of unauthorized read access, modification or deletion. |
| ☐ | SV-79903r1_rule | The ArcGIS Server must be configured to disable non-essential capabilities. |
| ☐ | SV-79905r1_rule | The ArcGIS Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. |
| ☐ | SV-79919r2_rule | The ArcGIS Server must implement replay-resistant authentication mechanisms for network access to privileged accounts and non-privileged accounts. |
| ☐ | SV-79949r1_rule | The ArcGIS Server, when using PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. |
| ☐ | SV-79957r2_rule | The ArcGIS Server must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. |
| ☐ | SV-79967r2_rule | The ArcGIS Server must recognize only system-generated session identifiers. |
| ☐ | SV-79973r1_rule | The ArcGIS Server must use a full disk encryption solution to protect the confidentiality and integrity of all information. |
| ☐ | SV-79975r1_rule | The ArcGIS Server must be configured such that emergency accounts are never automatically removed or disabled. |
| ☐ | SV-79977r1_rule | The ArcGIS Server must reveal error messages only to the ISSO, ISSM, and SA. |
| ☐ | SV-79989r2_rule | The ArcGIS Server must enforce access restrictions associated with changes to application configuration. |
| ☐ | SV-79993r2_rule | The organization must disable organization-defined functions, ports, protocols, and services within the ArcGIS Server deemed to be unnecessary and/or nonsecure. |
| ☐ | SV-79999r2_rule | The ArcGIS Server must accept and electronically verify Personal Identity Verification (PIV) credentials. |
| ☐ | SV-80005r2_rule | The ArcGIS Server Windows authentication must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. |
| ☐ | SV-80007r2_rule | The ArcGIS Server SSL settings must use NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
| ☐ | SV-80009r1_rule | The ArcGIS Server keystores must only contain certificates of PKI established certificate authorities for verification of protected sessions. |
| ☐ | SV-80011r1_rule | The ArcGIS Server must maintain a separate execution domain for each executing process. |
| ☐ | SV-80059r1_rule | The ArcGIS Server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |
STIGQter: STIG Summary: