UCF STIG Viewer Logo

MarkLogic Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with Ports, Protocols, and Services Management (PPSM) guidance.


Overview

Finding ID Version Rule ID IA Controls Severity
V-220384 ML09-00-008000 SV-220384r855489_rule Medium
Description
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.
STIG Date
MarkLogic Server v9 Security Technical Implementation Guide 2022-09-12

Details

Check Text ( C-22099r401603_chk )
Review the network functions, ports, protocols, and services supported by MarkLogic for any that are prohibited by the PPSM guidance.

Perform the check from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges.

1. Click the Groups icon.
2. Click the group in which the configuration to be checked resides (e.g., Default).
3. Click the App Servers icon on the left tree menu.
4. Inspect the Summary screen for the Type/Port/ and SSL configuration.
5. If any of the App Servers uses a protocol or port prohibited by the PPSM guidance, this is a finding.
Fix Text (F-22088r401604_fix)
Disable each prohibited network function, port, protocol, or service in MarkLogic.

Perform the fix from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges.

1. Click the Groups icon.
2. Click the group in which the configuration to be checked resides (e.g., Default).
3. Click the App Servers icon on the left tree menu.
4. For any App Server that uses a prohibited port or protocol either disable the App Server or reconfigure to be compliant with the PPSM.