STIGQter STIGQter: STIG Summary: ISEC7 EMM Suite v6.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019:

The ISEC7 EMM Suite must remove any unnecessaryusers or groups that have permissions to the server.xml file in Apache Tomcat.

DISA Rule

SV-106399r1_rule

Vulnerability Number

V-97295

Group Title

SRG-APP-000380

Rule Version

ISEC-06-551310

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log in to the ISEC7 EMM Suite server.
Browse to ProgramFiles\Isec7 EMM Suite\Tomcat\Conf and select Server.xml
Right click and select Properties.
Select the security tab and remove unnecessaryaccounts or groups that have been granted permissions to the Server.xml file.

Check Contents

Verify unnecessaryusers or groups that have permissions to the Server.xml file in Apache Tomcat have been removed.

Browse to ProgramFiles\Isec7 EMM Suite\Tomcat\Conf and select Server.xml
Right click and select Properties.
Select the security tab and verify no unnecessaryaccount or groups have been granted permissions to the file.
Verify no unnecessaryusers or groups have permissions to the file.

If unnecessaryusers or groups that have permissions to the Server.xml file in Apache Tomcat have not been removed, this is a finding.

Vulnerability Number

V-97295

Documentable

False

Rule Version

ISEC-06-551310

Severity Override Guidance

Verify unnecessaryusers or groups that have permissions to the Server.xml file in Apache Tomcat have been removed.

Browse to ProgramFiles\Isec7 EMM Suite\Tomcat\Conf and select Server.xml
Right click and select Properties.
Select the security tab and verify no unnecessaryaccount or groups have been granted permissions to the file.
Verify no unnecessaryusers or groups have permissions to the file.

If unnecessaryusers or groups that have permissions to the Server.xml file in Apache Tomcat have not been removed, this is a finding.

Check Content Reference

M

Target Key

3503

Comments