The ISEC7 EMM Suite must be configured to leverage the enterprise directory service accounts and groups for ISEC7 EMM Suite server admin identification and authentication.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-97261	ISEC-06-002510	SV-106375r1_rule		Medium

Description
A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos).

Description

A comprehensive account management process that includes automation helps to ensure the accounts designated as requiring attention are consistently and promptly addressed. If an attacker compromises an account, the entire infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. These objectives are best achieved by configuring the server to leverage an enterprise authentication mechanism (e.g., Microsoft Active Directory Kerberos).

STIG	Date
ISEC7 EMM Suite v6.x Security Technical Implementation Guide	2019-09-05

Details

Check Text ( C-96099r1_chk )
Log in to the ISEC7 EMM Console. Navigate to Administration >> Configuration >> LDAP. Verify that a LDAP entry has been configured to the enterprise. Select Edit and confirm the Use for Login check box has been selected. Navigate to Administration >> Configuration >> Settings. Verify that Log in using (Default) has been set to the enterprise connection. If a LDAP entry has not been configured to the enterprise or Log in using (Default) has not been set to the enterprise connection, this is a finding.

Check Text ( C-96099r1_chk )

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> LDAP.
Verify that a LDAP entry has been configured to the enterprise.
Select Edit and confirm the Use for Login check box has been selected.
Navigate to Administration >> Configuration >> Settings.
Verify that Log in using (Default) has been set to the enterprise connection.

If a LDAP entry has not been configured to the enterprise or Log in using (Default) has not been set to the enterprise connection, this is a finding.

Fix Text (F-102943r1_fix)
Log in to the ISEC7 EMM Console. Navigate to Administration >> Configuration >> LDAP. Select Add new LDAP . Provide the connection information for the enterprise LDAP connection. Check the box Use for Login. Navigate to Administration >> Configuration >> Settings. Set Log in using (Default) to the enterprise connection.