UCF STIG Viewer Logo

Google Search Appliance Security Technical Implementation Guide


Overview

Date Finding Count (33)
2015-07-07 CAT I (High): 1 CAT II (Med): 32 CAT III (Low): 0
STIG Description
Developed by Microsoft in coordination with DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-60771 High The Google Search Appliance must be configured to prevent browsers from saving user credentials.
V-60769 Medium The Google Search Appliance must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
V-60749 Medium The Google Search Appliance must alert designated organizational officials in the event of an audit processing failure.
V-60747 Medium The Google Search Appliance must provide a real-time alert when all audit failure events occur.
V-60767 Medium The Google Search Appliance must support the requirement to back up audit data and records onto a different system or media than the system being audited at least every seven days.
V-60789 Medium The Google Search Appliances must respond to security function anomalies by notifying the system administrator.
V-60783 Medium The Google Search Appliance must support DoD requirements to enforce password complexity by the number of special characters used.
V-60787 Medium Google Search Appliances must enforce password minimum lifetime restrictions.
V-60785 Medium The Google Search Appliance must support organizational requirements to enforce password encryption for transmission.
V-60777 Medium The Google Search Appliance must support DoD requirements to enforce password complexity by the number of lower case characters used.
V-60775 Medium The Google Search Appliance must support DoD requirements to enforce password complexity by the number of upper case characters used.
V-60773 Medium The Google Search Appliance must support DoD requirements to enforce minimum password length.
V-60717 Medium Google Search Appliances must provide automated mechanisms for supporting user account management. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities.
V-60719 Medium Google Search Appliance users must utilize a separate, distinct administrative account when accessing application security functions or security-relevant information. Non-privileged accounts must be utilized when accessing non-administrative application functions. The application must provide this functionality itself or leverage an existing technology providing this capability.
V-60731 Medium Google Search Appliances must display an approved system use notification message or banner before granting access to the system.
V-60779 Medium The Google Search Appliance must support DoD requirements to enforce password complexity by the number of numeric characters used.
V-60395 Medium Google Search Appliances providing remote access capabilities must utilize approved cryptography to protect the confidentiality of remote access sessions.
V-60751 Medium The Google Search Appliance must be capable of taking organization-defined actions upon audit failure (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure).
V-60753 Medium The Google Search Appliance must synchronize with internal information system clocks which in turn, are synchronized on a 24 hour frequency with a 24 hour authoritative time source.
V-60799 Medium The Google Search Appliance must notify appropriate individuals when accounts are modified.
V-60733 Medium To support DoD requirements to centrally manage the content of audit records, Google Search Appliances must provide the ability to write specified audit record content to a centralized audit log repository.
V-60791 Medium Google Search Appliance must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication.
V-60793 Medium The Google Search Appliance must employ automated mechanisms to alert security personnel of inappropriate or unusual activities with security implications.
V-60795 Medium The Google Search Appliance must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.
V-60797 Medium The Google Search Appliance must notify appropriate individuals when accounts are created.
V-60805 Medium The Google Search Appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. IP restriction must be implemented.
V-60729 Medium The Google Search Appliance must retain the notification message or banner on the screen until users take explicit actions to logon to or further access.
V-60801 Medium The Google Search Appliance must notify appropriate individuals when account disabling actions are taken.
V-60803 Medium The Google Search Appliance must notify appropriate individuals when accounts are terminated.
V-60725 Medium Google Search Appliances, when the maximum number of unsuccessful attempts is exceeded, must automatically lock the account/node for an organization-defined time period or lock the account/node until released by an administrator IAW organizational policy.
V-60727 Medium Google Search Appliances must display an approved system use notification message or banner before granting access to the system.
V-60721 Medium Google Search Appliances must have the capability to limit the number of failed logon attempts to 3 attempts in 15 minutes.
V-60723 Medium The Google Search Appliance must enforce the 15 minute time period during which the limit of consecutive invalid access attempts by a user is counted.