STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The LockOutRealm must be configured with a login lockout time of 15 minutes.

DISA Rule

SV-224784r505933_rule

Vulnerability Number

V-224784

Group Title

SRG-APP-000516

Rule Version

ISEC-06-550310

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add the lockOutTime parameter to the LockOutRealm configuration:

Log in to the ISEC7 EMM Suite server.
Navigate to <Drive>:\Program Files\Isec7 EMM Suite\Tomcat\Config
Open the server.xml file with Notepad.
Select Edit >> Find and search for LockOutRealm.
Add the following line to the server.xml file:

<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" >

Restart the ISEC7 EMM Suite Web service in services.msc.

Check Contents

Verify the lockOutTime parameter is set to 900 in the LockOutRealm configuration.

Log in to the ISEC7 EMM Suite server.
Navigate to <Drive>:\Program Files\Isec7 EMM Suite\Tomcat\Config
Open the server.xml file with Notepad.
Select Edit >> Find and search for LockOutRealm.
Verify the lockOutTime parameter is set to 900 in the following line of the file:

<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" >

If the lockOutTime parameter is not set to 900 in the LockOutRealm configuration, this is a finding.
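
The check above can also be scripted. The following PowerShell is an added example, not part of the STIG or of ISEC7's tooling; Test-LockOutRealm is a hypothetical helper name and the sample server.xml is constructed. The 300-second default it reports for a missing attribute comes from the Apache Tomcat documentation, not from this rule.

```powershell
function Test-LockOutRealm {
    param(
        [Parameter(Mandatory)] [xml] $ServerXml,
        [int] $RequiredLockOutTime = 900    # seconds (15 minutes), the value this rule requires
    )
    # A Realm may sit under Engine, Host or Context, so search the whole document.
    # Parsing as XML also skips commented-out lines that a text search would match.
    $realms = @($ServerXml.SelectNodes("//Realm[@className='org.apache.catalina.realm.LockOutRealm']"))
    if ($realms.Count -eq 0) {
        return [pscustomobject]@{ Parent = $null; LockOutTime = $null; Finding = $true
                                  Reason = 'no active LockOutRealm element' }
    }
    foreach ($realm in $realms) {
        $raw    = $realm.GetAttribute('lockOutTime')    # empty string when the attribute is absent
        $value  = 0
        $reason = if ($raw -eq '') {
            'lockOutTime not set, so the Tomcat default (300 seconds) applies'
        } elseif (-not [int]::TryParse($raw, [ref]$value)) {
            "lockOutTime '$raw' is not an integer"
        } elseif ($value -ne $RequiredLockOutTime) {
            "lockOutTime is $value, expected $RequiredLockOutTime"
        } else { $null }
        [pscustomobject]@{
            Parent      = $realm.ParentNode.Name
            LockOutTime = $raw
            Finding     = [bool]$reason
            Reason      = $reason
        }
    }
}

# Constructed sample: the compliant line is commented out, the active one lacks lockOutTime.
$sample = @'
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <!-- <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900"> -->
      <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>
    </Engine>
  </Service>
</Server>
'@
Test-LockOutRealm -ServerXml $sample | Format-List
```

To audit a live server, pass the file contents instead of the sample: `Test-LockOutRealm -ServerXml (Get-Content -Raw '<Drive>:\Program Files\Isec7 EMM Suite\Tomcat\Config\server.xml')`, with `<Drive>` replaced by the installation drive.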

Documentable

False

Check Content Reference

M

Target Key

4200
