STIGQter STIGQter: STIG Summary: ArcGIS for Server 10.3 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 26 Jan 2018: The ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.

DISA Rule

SV-79883r1_rule

Vulnerability Number

V-65393

Group Title

SRG-APP-000089

Rule Version

AGIS-00-000026

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the ArcGIS Server to ensure mechanisms for providing audit record generation capability for DoD-defined auditable events within application components are provided. Substitute the target environment’s values for [bracketed] variables.

Open "ArcGIS Server Manager" ([https://server.domain.com/arcgis]/manager) (log on when prompted).

Navigate to the "Logs" tab. Open "Settings". Change the "Log Level" value to "VERBOSE", then click "Save".

Check Contents

Review the ArcGIS Server configuration to ensure mechanisms for providing audit record generation capability for DoD-defined auditable events within application components are provided. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/logs/settings (log on when prompted).

Verify the "Log Level" value is set to "VERBOSE".

If this value is set to any value other than "VERBOSE", this is a finding.

Vulnerability Number

V-65393

Documentable

False

Rule Version

AGIS-00-000026

Severity Override Guidance

Review the ArcGIS Server configuration to ensure mechanisms for providing audit record generation capability for DoD-defined auditable events within application components are provided. Substitute the target environment’s values for [bracketed] variables.

Navigate to [https://server.domain.com/arcgis]/admin/logs/settings (log on when prompted).

Verify the "Log Level" value is set to "VERBOSE".

If this value is set to any value other than "VERBOSE", this is a finding.

Check Content Reference

M

Target Key

2961

Comments