V-60771 | High | The Google Search Appliance must be configured to prevent browsers from saving user credentials. | Web services are web applications providing a method of communication between two or more different electronic devices. They are normally used by applications to provide each other with data. ... |
V-60769 | Medium | The Google Search Appliance must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | To assure accountability and prevent unauthorized access, organizational users must be identified and authenticated. Organizational users include organizational employees or individuals the... |
V-60749 | Medium | The Google Search Appliance must alert designated organizational officials in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include: software/hardware errors, failures... |
V-60747 | Medium | The Google Search Appliance must provide a real-time alert when all audit failure events occur. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include: software/hardware errors, failures... |
V-60767 | Medium | The Google Search Appliance must support the requirement to back up audit data and records onto a different system or media than the system being audited at least every seven days. | Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an... |
V-60789 | Medium | The Google Search Appliances must respond to security function anomalies by notifying the system administrator. | The need to verify security functionality applies to all security functions. For those security functions not able to execute automated self-tests the organization either implements compensating... |
V-60783 | Medium | The Google Search Appliance must support DoD requirements to enforce password complexity by the number of special characters used. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor in determining how... |
V-60787 | Medium | Google Search Appliances must enforce password minimum lifetime restrictions. | Password minimum lifetime is defined as: the minimum period of time, (typically in days) a user's password must be in effect before the user can change it. Restricting this setting limits the... |
V-60785 | Medium | The Google Search Appliance must support organizational requirements to enforce password encryption for transmission. | Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. |
V-60777 | Medium | The Google Search Appliance must support DoD requirements to enforce password complexity by the number of lower case characters used. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that... |
V-60775 | Medium | The Google Search Appliance must support DoD requirements to enforce password complexity by the number of upper case characters used. | Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that... |
V-60773 | Medium | The Google Search Appliance must support DoD requirements to enforce minimum password length. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps... |
V-60717 | Medium | Google Search Appliances must provide automated mechanisms for supporting user account management. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities. | A comprehensive application account management process that includes automation helps to ensure that accounts designated as requiring attention are consistently and promptly addressed. Examples... |
V-60719 | Medium | Google Search Appliance users must utilize a separate, distinct administrative account when accessing application security functions or security-relevant information. Non-privileged accounts must be utilized when accessing non-administrative application functions. The application must provide this functionality itself or leverage an existing technology providing this capability. | This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of role is intended to address those situations where an access control... |
V-60731 | Medium | Google Search Appliances must display an approved system use notification message or banner before granting access to the system. | Applications must display an approved system use notification message or banner before granting access to the system. The banner must be formatted in accordance with the DoD policy "Use of DoD... |
V-60779 | Medium | The Google Search Appliance must support DoD requirements to enforce password complexity by the number of numeric characters used. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that... |
V-60395 | Medium | Google Search Appliances providing remote access capabilities must utilize approved cryptography to protect the confidentiality of remote access sessions. | Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the... |
V-60751 | Medium | The Google Search Appliance must be capable of taking organization-defined actions upon audit failure (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure). | It is critical when a system is at risk of failing to process audit logs as required; it detects and takes action to mitigate the failure. Audit processing failures include: software/hardware... |
V-60753 | Medium | The Google Search Appliance must synchronize with internal information system clocks which in turn, are synchronized on a 24 hour frequency with a 24 hour authoritative time source. | Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Synchronization of system clocks... |
V-60799 | Medium | The Google Search Appliance must notify appropriate individuals when accounts are modified. | Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply modify... |
V-60733 | Medium | To support DoD requirements to centrally manage the content of audit records, Google Search Appliances must provide the ability to write specified audit record content to a centralized audit log repository. | Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes but is not... |
V-60791 | Medium | Google Search Appliance must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication. | This control focuses on communications protection at the session, versus packet level. At the application layer, session IDs are tokens generated by web applications to uniquely identify an... |
V-60793 | Medium | The Google Search Appliance must employ automated mechanisms to alert security personnel of inappropriate or unusual activities with security implications. | Applications will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within the application. This information can then be used for diagnostic purposes,... |
V-60795 | Medium | The Google Search Appliance must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during... |
V-60797 | Medium | The Google Search Appliance must notify appropriate individuals when accounts are created. | Once an attacker establishes initial access to a system, they often attempt to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply create... |
V-60805 | Medium | The Google Search Appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. IP restriction must be implemented. | Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-60729 | Medium | The Google Search Appliance must retain the notification message or banner on the screen until users take explicit actions to logon to or further access. | To establish acceptance of system usage policy, a click-through banner at application logon is required. The banner must prevent further activity on the application unless and until the user... |
V-60801 | Medium | The Google Search Appliance must notify appropriate individuals when account disabling actions are taken. | When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves.... |
V-60803 | Medium | The Google Search Appliance must notify appropriate individuals when accounts are terminated. | When application accounts are terminated, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes... |
V-60725 | Medium | Google Search Appliances, when the maximum number of unsuccessful attempts is exceeded, must automatically lock the account/node for an organization-defined time period or lock the account/node until released by an administrator IAW organizational policy. | Anytime an authentication method is exposed so as to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To defeat these... |
V-60727 | Medium | Google Search Appliances must display an approved system use notification message or banner before granting access to the system. | Applications are required to display an approved system use notification message or banner before granting access to the system providing privacy and security notices consistent with applicable... |
V-60721 | Medium | Google Search Appliances must have the capability to limit the number of failed logon attempts to 3 attempts in 15 minutes. | Anytime an authentication method is exposed so as to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To defeat these... |
V-60723 | Medium | The Google Search Appliance must enforce the 15 minute time period during which the limit of consecutive invalid access attempts by a user is counted. | Anytime an authentication method is exposed, so as to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To aid in defeating... |