UCF STIG Viewer Logo

AvePoint DocAve 6 Security Technical Implementation Guide


Overview

Date Finding Count (9)
2022-08-24 CAT I (High): 3 CAT II (Med): 6 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-253516 High The underlying IIS platform must be configured for Smart Card (CAC) Authorization.
V-253515 High DocAve must use multifactor authentication for network access to privileged accounts.
V-253512 High DocAve must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
V-253518 Medium DocAve must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
V-253517 Medium DocAve must control remote access methods.
V-253514 Medium DocAve must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-253513 Medium DocAve must provide automated mechanisms for supporting account management functions.
V-253511 Medium DocAve must initiate a session lock after a 15-minute period of inactivity.
V-253510 Medium DocAve must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.