V-240974 | High | vIDM, when installed in a MAC I system, must be in a high-availability (HA) cluster. | A MAC I system is a system that handles data vital to the organization's operational readiness or effectiveness of deployed or contingency forces. A MAC I system must maintain the highest level of... |
V-240971 | High | vIDM must utilize encryption when using LDAP for authentication. | Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. Application servers have the capability to utilize LDAP directories... |
V-258456 | High | The version of vRealize Automation 7.x vIDM running on the system must be a supported version. | Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations... |
V-240975 | Medium | The vRealize Automation appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Configuring the vRealize Automation application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a... |
V-240970 | Medium | vIDM must be configured correctly for the site enterprise user management system. | To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which... |
V-240973 | Medium | vIDM must be configured to log activity to the horizon.log file. | The structure and content of error messages need to be carefully considered by the organization and development team. Any application providing too much information in error logs and in... |
V-240972 | Medium | vIDM must be configured to provide clustering. | This requirement is dependent upon system MAC and confidentiality. If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA. Failure to a known... |
V-240969 | Medium | vIDM must be configured to log activity to the horizon.log file. | Logging must be utilized in order to track system activity, assist in diagnosing system issues, and provide evidence needed for forensic investigations post security incident. Remote access by... |