UCF STIG Viewer Logo

SPEC Innovations Innoslate 4.x Security Technical Implementation Guide


Overview

Date Finding Count (11)
2022-08-31 CAT I (High): 3 CAT II (Med): 8 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-254087 High Innoslate must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
V-254094 High Innoslate must map the authenticated identity to the individual user or group account for PKI-based authentication.
V-254093 High Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
V-254086 Medium Innoslate must initiate a session lock after a 15-minute period of inactivity.
V-254096 Medium Innoslate must generate audit records when DoD required events occur.
V-254095 Medium Innoslate must off-load audit records onto a different system or media than the system being audited.
V-254092 Medium Innoslate must generate comprehensive audit records.
V-254091 Medium The publicly accessible application must display the Standard Mandatory DoD Notice and Consent Banner before granting access to Innoslate.
V-254090 Medium Innoslate must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.
V-254088 Medium Innoslate must provide automated mechanisms for supporting account management functions.
V-254089 Medium Innoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.