  • Recent updates
    • Doug Fish
      The requirement is for the application since we can't control user desktops. Thanks, Doug
    • Doug Fish
      When I click the logout button, it takes me back to the SSO Login screen. How do we enable a logout screen? Thanks, Doug
    • Doug Fish
      Doug Fish added new listing Logout Message in SBM
      The information system displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions. NIST SP 800-53 Revision 4 Access Control
      Procedure: The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to display an explicit logout message to users indicating the reliable termination of authenticated communications sessions. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 2364.
      Implementation Guidance: The organization being inspected/assessed configures the information system to display an explicit logout message to users indicating the reliable termination of authenticated communications sessions. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 2364.
      CCI #: 002364
      CCI Definition: The information system displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions.
    • Doug Fish
      Doug Fish added new listing Lock Screen Hides Screen in SBM
      The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.
      Procedure: The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to conceal, via the session lock, information previously visible on the display with a publicly viewable image. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 60.
      Implementation Guidance: The organization being inspected/assessed configures the information system to conceal, via the session lock, information previously visible on the display with a publicly viewable image. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 60.
      CCI #: 000060
      CCI Definition: The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.
    • Doug Fish
      Doug Fish added new listing Lock Screen in SBM
      The information system is configured to provide the capability for users to directly initiate session lock mechanisms. NIST SP 800-53 Revision 4 Access Control
      Procedure: The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to provide the capability for users to directly initiate session lock mechanisms. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 58.
      Implementation Guidance: The organization being inspected/assessed configures the information system to provide the capability for users to directly initiate session lock mechanisms. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 58.
      CCI #: 000058
      CCI Definition: The information system provides the capability for users to directly initiate session lock mechanisms.
      Procedure: The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to retain the session lock until the user reestablishes access using established identification and authentication procedures. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 56.
      Implementation Guidance: The organization being inspected/assessed configures the information system to retain the session lock until the user reestablishes access using established identification and authentication procedures. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 56.
      CCI #: 000056
      CCI Definition: The information system retains the session lock until the user reestablishes access using established identification and authentication procedures.
    • Administrators configure the information system to automatically notify the system administrator and ISSO for account creation/modification/deletion/disable/enable actions. NIST SP 800-53 Revision 4 Access Control
      Procedure: The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to notify the system administrator and ISSO for account creation actions. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1683. DoD has defined the personnel or roles as the system administrator and ISSO.
      Implementation Guidance: The organization being inspected/assessed configures the information system to notify the system administrator and ISSO for account creation actions. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1683. DoD has defined the personnel or roles as the system administrator and ISSO.
      CCI #: 001683
      CCI Definition: The information system notifies organization-defined personnel or roles for account creation actions.
    • Doug Fish
      Display the following information immediately at logon:
      Unsuccessful Logon: Date, Time, IP Address
      Successful Logon: Date, Time, IP Address
      Group ID (Vulid): V-16817
      Group Title: APP3660
      Rule ID: SV-17817r1_rule
      Severity: CAT III
      Rule Version (STIG-ID): APP3660
      Rule Title: The designer will ensure the application has a capability to notify the user of important login information.
      Vulnerability Discussion: Attempted logons must be controlled to prevent password guessing exploits and unauthorized access attempts.
      Responsibility: System Administrator
      IAControls: ECLO-2
      Check Content:
      Policy: The designer will ensure the application has a capability to notify the user on logon of date and time of the user's last unsuccessful logon, IP address of the user’s last unsuccessful logon, date and time of the user's last successful logon, IP address of the user’s last successful logon, and number of unsuccessful logon attempts since the last successful logon.
      Check: If the application uses password authentication, try to logon to the system using an incorrect password. Restart the application and logon again using the correct password. After a successful logon to the application, logout of the application and note the date and times for the last success and unsuccessful logons. Again, logon to the application and determine whether the application correctly displays the following information immediately at logon:
      Unsuccessful Logon: Date, Time, IP Address
      Successful Logon: Date, Time, IP Address
      If the application does not correctly display the last unsuccessful and successful logon information immediately at login, it is a finding. For CAC and NSA approved token authentication logons, remove the CAC or mistype the PIN to simulate an unsuccessful login.
      Fix Text: Display last login information.

  • Date       Title
    11/05/2016 Logout Message
    11/05/2016 Lock Screen Hides Screen
    11/05/2016 Lock Screen
    11/05/2016 Automatic Email Notifications for User Account Actions
    09/04/2016 DoD STIG - Display last login info
