
The ISEC7 EMM Suite must accept Personal Identity Verification (PIV) credentials.


Overview

Finding ID: V-224769
Version: ISEC-06-001730
Rule ID: SV-224769r505933_rule
IA Controls:
Severity: Low
Description
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.
STIG Date
ISEC7 Sphere Security Technical Implementation Guide 2020-09-04

Details

Check Text ( C-26460r461563_chk )
Log in to the ISEC7 EMM Console.

Navigate to Administration >> Configuration >> Settings.

Verify the CAC login box has been checked.

On the ISEC7 EMM Suite server, browse to the install directory.
Default is %Install Drive%/Program Files/ISEC7 EMM Suite
Select the conf folder.
Open config.properties and confirm the following lines exist:

cacUserUIDRegex=^CN=[^0-9]*\\.([0-9]+),
cacUserUIDProperty=UserPrincipalName

Browse to %Install Drive%/Program Files >> ISEC7 EMM Suite >> Tomcat >> conf
Confirm the server.xml file has clientAuth="required" under the Connection.

If the required commands do not exist in config.properties or if clientAuth is not set to "required" in the server.xml file, this is a finding.
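
The two file checks above can be scripted. The following is an added example, not part of the STIG or of ISEC7's tooling. It assumes the connector in question is each Tomcat Connector element with SSLEnabled="true", and that config.properties is read by a Java properties loader, so the doubled backslash in the file reaches the regex engine as a single one. The sample file contents and certificate subject are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Lines the Check Text expects in config.properties (raw, as written in the file).
REQUIRED_PROPS = {
    "cacUserUIDRegex": r"^CN=[^0-9]*\\.([0-9]+),",
    "cacUserUIDProperty": "UserPrincipalName",
}

def parse_properties(text):
    """Map key -> raw value for simple key=value lines; comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(config_text, server_xml_text):
    """Return a list of finding strings; an empty list means the check passes."""
    findings = []
    props = parse_properties(config_text)
    for key, want in REQUIRED_PROPS.items():
        if props.get(key) != want:
            findings.append(f"config.properties: {key} is {props.get(key)!r}")
    # Assumption: only connectors with SSLEnabled="true" are in scope.
    tls = [c for c in ET.fromstring(server_xml_text).iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append("server.xml: no TLS Connector found")
    for c in tls:
        if c.get("clientAuth") != "required":
            findings.append(f"server.xml: Connector port {c.get('port')} "
                            f"has clientAuth={c.get('clientAuth')!r}")
    return findings

def extract_uid(raw_regex, subject_dn):
    """Collapse the doubled backslash as a properties loader would, then match."""
    m = re.search(raw_regex.replace("\\\\", "\\"), subject_dn)
    return m.group(1) if m else None

# Constructed sample input, not taken from a real installation.
SAMPLE_CONFIG = r"""# constructed sample
cacUserUIDRegex=^CN=[^0-9]*\\.([0-9]+),
cacUserUIDProperty=UserPrincipalName
"""
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="443" SSLEnabled="true" clientAuth="want"/></Service></Server>"""
SAMPLE_SUBJECT = "CN=DOE.JOHN.A.1234567890,OU=EXAMPLE,O=EXAMPLE"
```

On the constructed input, audit() reports the connector on port 443 because clientAuth is "want" rather than "required", and extract_uid() returns the digits that follow the last dot of the CN.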
Fix Text (F-26448r461564_fix)
Log in to the ISEC7 EMM Console.

Navigate to Administration >> Configuration >> Settings.
Check the CAC login box.
On the ISEC7 EMM Suite server, browse to the install directory.
Default is %Install Drive%/Program Files/ISEC7 EMM Suite.
Select the conf folder.
Open config.properties and add the following lines:

cacUserUIDRegex=^CN=[^0-9]*\\.([0-9]+),
cacUserUIDProperty=UserPrincipalName

Browse to %Install Drive%/Program Files >> ISEC7 EMM Suite >> Tomcat >> conf
Open the server.xml file and add clientAuth="required" under the Connection.