Checked | Name | Title |
---|---|---|
☐ | SV-100533r1_rule | tc Server VCO must limit the number of maximum concurrent connections permitted. |
☐ | SV-100535r1_rule | tc Server VCAC must limit the number of maximum concurrent connections permitted. |
☐ | SV-100537r1_rule | tc Server HORIZON must limit the amount of time that each TCP connection is kept alive. |
☐ | SV-100539r1_rule | tc Server VCO must limit the amount of time that each TCP connection is kept alive. |
☐ | SV-100541r1_rule | tc Server VCAC must limit the amount of time that each TCP connection is kept alive. |
☐ | SV-100543r1_rule | tc Server HORIZON must limit the number of times that each TCP connection is kept alive. |
☐ | SV-100545r1_rule | tc Server VCO must limit the number of times that each TCP connection is kept alive. |
☐ | SV-100547r1_rule | tc Server VCAC must limit the number of times that each TCP connection is kept alive. |
☐ | SV-100549r1_rule | tc Server HORIZON must perform server-side session management. |
☐ | SV-100551r1_rule | tc Server VCO must perform server-side session management. |
☐ | SV-100553r1_rule | tc Server VCAC must perform server-side session management. |
☐ | SV-100555r1_rule | tc Server HORIZON must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. |
☐ | SV-100557r1_rule | tc Server VCAC must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. |
☐ | SV-100559r1_rule | tc Server HORIZON must use cryptography to protect the integrity of remote sessions. |
☐ | SV-100561r1_rule | tc Server HORIZON must record user access in a format that enables monitoring of remote access. |
☐ | SV-100563r1_rule | tc Server VCO must record user access in a format that enables monitoring of remote access. |
☐ | SV-100565r1_rule | tc Server VCAC must record user access in a format that enables monitoring of remote access. |
☐ | SV-100567r1_rule | tc Server ALL must generate log records for system startup and shutdown. |
☐ | SV-100569r1_rule | tc Server HORIZON must generate log records for user access and authentication events. |
☐ | SV-100571r1_rule | tc Server VCO must generate log records for user access and authentication events. |
☐ | SV-100573r1_rule | tc Server VCAC must generate log records for user access and authentication events. |
☐ | SV-100575r1_rule | tc Server ALL must initiate logging during service start-up. |
☐ | SV-100577r1_rule | tc Server HORIZON must capture, record, and log all content related to a user session. |
☐ | SV-100579r1_rule | tc Server VCO must capture, record, and log all content related to a user session. |
☐ | SV-100581r1_rule | tc Server VCAC must capture, record, and log all content related to a user session. |
☐ | SV-100583r1_rule | tc Server HORIZON must produce log records containing sufficient information to establish what type of events occurred. |
☐ | SV-100585r1_rule | tc Server VCO must produce log records containing sufficient information to establish what type of events occurred. |
☐ | SV-100587r1_rule | tc Server VCAC must produce log records containing sufficient information to establish what type of events occurred. |
☐ | SV-100589r1_rule | tc Server HORIZON must produce log records containing sufficient information to establish when (date and time) events occurred. |
☐ | SV-100591r1_rule | tc Server VCO must produce log records containing sufficient information to establish when (date and time) events occurred. |
☐ | SV-100593r1_rule | tc Server VCAC must produce log records containing sufficient information to establish when (date and time) events occurred. |
☐ | SV-100595r1_rule | tc Server HORIZON must produce log records containing sufficient information to establish where within the web server the events occurred. |
☐ | SV-100597r1_rule | tc Server VCO must produce log records containing sufficient information to establish where within the web server the events occurred. |
☐ | SV-100599r1_rule | tc Server VCAC must produce log records containing sufficient information to establish where within the web server the events occurred. |
☐ | SV-100601r1_rule | tc Server HORIZON must produce log records containing sufficient information to establish the source of events. |
☐ | SV-100603r1_rule | tc Server VCO must produce log records containing sufficient information to establish the source of events. |
☐ | SV-100605r1_rule | tc Server VCAC must produce log records containing sufficient information to establish the source of events. |
☐ | SV-100607r1_rule | tc Server HORIZON must be configured with the RemoteIpValve in order to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event. |
☐ | SV-100609r1_rule | tc Server VCO must be configured with the RemoteIpValve in order to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event. |
☐ | SV-100611r1_rule | tc Server VCAC must be configured with the RemoteIpValve in order to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event. |
☐ | SV-100613r1_rule | tc Server HORIZON must produce log records that contain sufficient information to establish the outcome (success or failure) of events. |
☐ | SV-100615r1_rule | tc Server VCO must produce log records that contain sufficient information to establish the outcome (success or failure) of events. |
☐ | SV-100617r1_rule | tc Server VCAC must produce log records that contain sufficient information to establish the outcome (success or failure) of events. |
☐ | SV-100619r1_rule | tc Server HORIZON must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. |
☐ | SV-100621r1_rule | tc Server VCO must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. |
☐ | SV-100623r1_rule | tc Server VCAC must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. |
☐ | SV-100625r1_rule | tc Server ALL must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure. |
☐ | SV-100627r1_rule | tc Server HORIZON log files must only be accessible by privileged users. |
☐ | SV-100629r1_rule | tc Server VCO log files must only be accessible by privileged users. |
☐ | SV-100631r1_rule | tc Server VCAC log files must only be accessible by privileged users. |
☐ | SV-100633r1_rule | tc Server HORIZON log files must be protected from unauthorized modification. |
☐ | SV-100635r1_rule | tc Server VCO log files must be protected from unauthorized modification. |
☐ | SV-100637r1_rule | tc Server VCAC log files must be protected from unauthorized modification. |
☐ | SV-100639r1_rule | tc Server HORIZON log files must be protected from unauthorized deletion. |
☐ | SV-100641r1_rule | tc Server VCO log files must be protected from unauthorized deletion. |
☐ | SV-100643r1_rule | tc Server VCAC log files must be protected from unauthorized deletion. |
☐ | SV-100645r1_rule | tc Server ALL log data and records must be backed up onto a different system or media. |
☐ | SV-100647r1_rule | tc Server ALL server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server. |
☐ | SV-100649r1_rule | tc Server ALL expansion modules must be fully reviewed, tested, and signed before they can exist on a production web server. |
☐ | SV-100651r1_rule | tc Server HORIZON must not use the tomcat-users XML database for user management. |
☐ | SV-100653r1_rule | tc Server VCO must not use the tomcat-users XML database for user management. |
☐ | SV-100655r1_rule | tc Server VCAC must not use the tomcat-users XML database for user management. |
☐ | SV-100657r1_rule | tc Server ALL must only contain services and functions necessary for operation. |
☐ | SV-100659r1_rule | tc Server ALL must exclude documentation, sample code, example applications, and tutorials. |
☐ | SV-100661r1_rule | tc Server ALL must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. |
☐ | SV-100663r1_rule | tc Server ALL must have all mappings to unused and vulnerable scripts to be removed. |
☐ | SV-100665r1_rule | tc Server HORIZON must have mappings set for Java Servlet Pages. |
☐ | SV-100667r1_rule | tc Server VCO must have mappings set for Java Servlet Pages. |
☐ | SV-100669r1_rule | tc Server VCAC must have mappings set for Java Servlet Pages. |
☐ | SV-100671r1_rule | tc Server ALL must not have the Web Distributed Authoring (WebDAV) servlet installed. |
☐ | SV-100673r1_rule | tc Server HORIZON must be configured with memory leak protection. |
☐ | SV-100675r1_rule | tc Server VCO must be configured with memory leak protection. |
☐ | SV-100677r1_rule | tc Server VCAC must be configured with memory leak protection. |
☐ | SV-100679r1_rule | tc Server VCO must not have any symbolic links in the web content directory tree. |
☐ | SV-100681r1_rule | tc Server HORIZON must be configured to use a specified IP address and port. |
☐ | SV-100683r1_rule | tc Server VCO must be configured to use a specified IP address and port. |
☐ | SV-100685r1_rule | tc Server VCAC must be configured to use a specified IP address and port. |
☐ | SV-100687r1_rule | tc Server HORIZON must encrypt passwords during transmission. |
☐ | SV-100689r1_rule | tc Server VCAC must encrypt passwords during transmission. |
☐ | SV-100691r1_rule | tc Server ALL must validate client certificates, to include all intermediary CAs, to ensure the client-presented certificates are valid and that the entire trust chain is valid. |
☐ | SV-100693r1_rule | tc Server HORIZON must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when authenticating users and processes. |
☐ | SV-100695r1_rule | tc Server VCAC must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when authenticating users and processes. |
☐ | SV-100697r1_rule | tc Server HORIZON accounts accessing the directory tree, the shell, or other operating system functions and utilities must be administrative accounts. |
☐ | SV-100699r1_rule | tc Server VCO accounts accessing the directory tree, the shell, or other operating system functions and utilities must be administrative accounts. |
☐ | SV-100701r1_rule | tc Server VCAC accounts accessing the directory tree, the shell, or other operating system functions and utilities must be administrative accounts. |
☐ | SV-100703r1_rule | tc Server HORIZON web server application directories must not be accessible to anonymous user. |
☐ | SV-100705r1_rule | tc Server VCO web server application directories must not be accessible to anonymous user. |
☐ | SV-100707r1_rule | tc Server VCAC web server application directories must not be accessible to anonymous user. |
☐ | SV-100709r1_rule | tc Server ALL baseline must be documented and maintained. |
☐ | SV-100711r1_rule | tc Server HORIZON must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. |
☐ | SV-100713r1_rule | tc Server VCO must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. |
☐ | SV-100715r1_rule | tc Server VCAC must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. |
☐ | SV-100717r1_rule | tc Server HORIZON document directory must be in a separate partition from the web servers system files. |
☐ | SV-100719r1_rule | tc Server VCO document directory must be in a separate partition from the web servers system files. |
☐ | SV-100721r1_rule | tc Server VCAC document directory must be in a separate partition from the web servers system files. |
☐ | SV-100723r1_rule | tc Server HORIZON must be configured with a cross-site scripting (XSS) filter. |
☐ | SV-100725r1_rule | tc Server VCO must be configured with a cross-site scripting (XSS) filter. |
☐ | SV-100727r1_rule | tc Server VCAC must be configured with a cross-site scripting (XSS) filter. |
☐ | SV-100729r1_rule | tc Server HORIZON must set URIEncoding to UTF-8. |
☐ | SV-100731r1_rule | tc Server VCO must set URIEncoding to UTF-8. |
☐ | SV-100733r1_rule | tc Server HORIZON must use the setCharacterEncodingFilter filter. |
☐ | SV-100735r1_rule | tc Server VCO must use the setCharacterEncodingFilter filter. |
☐ | SV-100737r1_rule | tc Server VCAC must set URIEncoding to UTF-8. |
☐ | SV-100739r1_rule | tc Server VCAC must use the setCharacterEncodingFilter filter. |
☐ | SV-100741r1_rule | tc Server HORIZON must set the welcome-file node to a default web page. |
☐ | SV-100743r1_rule | tc Server VCO must set the welcome-file node to a default web page. |
☐ | SV-100745r1_rule | tc Server VCAC must set the welcome-file node to a default web page. |
☐ | SV-100747r1_rule | tc Server HORIZON must have the allowTrace parameter set to false. |
☐ | SV-100749r1_rule | tc Server VCO must have the allowTrace parameter set to false. |
☐ | SV-100751r1_rule | tc Server VCAC must have the allowTrace parameter set to false. |
☐ | SV-100753r1_rule | tc Server HORIZON must have the debug option turned off. |
☐ | SV-100755r1_rule | tc Server VCO must have the debug option turned off. |
☐ | SV-100757r1_rule | tc Server VCAC must have the debug option turned off. |
☐ | SV-100759r1_rule | tc Server HORIZON must set an inactive timeout for sessions. |
☐ | SV-100761r1_rule | tc Server VCO must set an inactive timeout for sessions. |
☐ | SV-100763r1_rule | tc Server VCAC must set an inactive timeout for sessions. |
☐ | SV-100765r1_rule | tc Server ALL must be configured to the correct user authentication source. |
☐ | SV-100767r1_rule | tc Server HORIZON must be configured to use the https scheme. |
☐ | SV-100769r1_rule | tc Server VCAC must be configured to use the https scheme. |
☐ | SV-100771r1_rule | tc Server ALL must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. |
☐ | SV-100773r1_rule | tc Server ALL must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity. |
☐ | SV-100775r1_rule | tc Server HORIZON must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). |
☐ | SV-100777r1_rule | tc Server VCO must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). |
☐ | SV-100779r1_rule | tc Server VCAC must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). |
☐ | SV-100781r1_rule | tc Server HORIZON must record time stamps for log records to a minimum granularity of one second. |
☐ | SV-100783r1_rule | tc Server VCO must record time stamps for log records to a minimum granularity of one second. |
☐ | SV-100785r1_rule | tc Server VCAC must record time stamps for log records to a minimum granularity of one second. |
☐ | SV-100787r1_rule | tc Server HORIZON application, libraries, and configuration files must only be accessible to privileged users. |
☐ | SV-100789r1_rule | tc Server VCO application, libraries, and configuration files must only be accessible to privileged users. |
☐ | SV-100791r1_rule | tc Server VCAC application, libraries, and configuration files must only be accessible to privileged users. |
☐ | SV-100793r1_rule | tc Server HORIZON must be configured with the appropriate ports. |
☐ | SV-100795r1_rule | tc Server VCO must be configured with the appropriate ports. |
☐ | SV-100797r1_rule | tc Server VCAC must be configured with the appropriate ports. |
☐ | SV-100799r1_rule | tc Server HORIZON must use NSA Suite A cryptography when encrypting data that must be compartmentalized. |
☐ | SV-100801r1_rule | tc Server VCAC must use NSA Suite A cryptography when encrypting data that must be compartmentalized. |
☐ | SV-100803r1_rule | tc Server HORIZON must disable the shutdown port. |
☐ | SV-100805r1_rule | tc Server VCO must disable the shutdown port. |
☐ | SV-100807r1_rule | tc Server VCAC must disable the shutdown port. |
☐ | SV-100809r1_rule | tc Server HORIZON must employ cryptographic mechanisms (TLS/DTLS/SSL) preventing the unauthorized disclosure of information during transmission. |
☐ | SV-100811r1_rule | tc Server VCAC must employ cryptographic mechanisms (TLS/DTLS/SSL) preventing the unauthorized disclosure of information during transmission. |
☐ | SV-100813r1_rule | tc Server HORIZON session IDs must be sent to the client using SSL/TLS. |
☐ | SV-100815r1_rule | tc Server VCAC session IDs must be sent to the client using SSL/TLS. |
☐ | SV-100817r1_rule | tc Server HORIZON must set the useHttpOnly parameter. |
☐ | SV-100819r1_rule | tc Server VCO must set the useHttpOnly parameter. |
☐ | SV-100821r1_rule | tc Server VCAC must set the useHttpOnly parameter. |
☐ | SV-100823r1_rule | tc Server HORIZON must set the secure flag for cookies. |
☐ | SV-100825r1_rule | tc Server VCO must set the secure flag for cookies. |
☐ | SV-100827r1_rule | tc Server VCAC must set the secure flag for cookies. |
☐ | SV-100829r1_rule | tc Server HORIZON must set sslEnabledProtocols to an approved Transport Layer Security (TLS) version. |
☐ | SV-100831r1_rule | tc Server VCAC must set sslEnabledProtocols to an approved Transport Layer Security (TLS) version. |
☐ | SV-100833r1_rule | tc Server HORIZON must remove all export ciphers to protect the confidentiality and integrity of transmitted information. |
☐ | SV-100835r1_rule | tc Server VCAC must remove all export ciphers to protect the confidentiality and integrity of transmitted information. |
☐ | SV-100837r1_rule | tc Server HORIZON must use approved Transport Layer Security (TLS) versions to maintain the confidentiality and integrity of information during reception. |
☐ | SV-100839r1_rule | tc Server VCAC must use approved Transport Layer Security (TLS) versions to maintain the confidentiality and integrity of information during reception. |
☐ | SV-100841r1_rule | tc Server ALL must have all security-relevant software updates installed within the configured time period directed by an authoritative source. |
☐ | SV-100843r1_rule | tc Server ALL must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |
☐ | SV-100991r1_rule | tc Server HORIZON must limit the number of maximum concurrent connections permitted. |
☐ | SV-100993r1_rule | tc Server VCAC must use cryptography to protect the integrity of remote sessions. |
☐ | SV-100995r1_rule | tc Server ALL must exclude installation of utility programs, services, plug-ins, and modules not necessary for operation. |
☐ | SV-100997r1_rule | tc Server ALL must only allow authenticated system administrators to have access to the keystore. |
☐ | SV-100999r1_rule | tc Server ALL log files must be moved to a permanent repository in accordance with site policy. |