Arctic Wolf CylanceON-PREM V1R1

a

CylanceON-PREM must be configured to use a third-party identity provider.

AC-10 - Low - CCI-000054 - V-272627 - SV-272627r1113422_rule

RMF Control

AC-10

Severity

L

CCI

CCI-000054

Version

CYLN-OP-000010

Vuln IDs

V-272627

Rule IDs

SV-272627r1113422_rule

Configuring CylanceON-PREM to integrate with an Enterprise Identity Provider enhances security, simplifies user management, ensures compliance, provides auditing capabilities, and offers a more seamless and consistent user experience. It aligns CylanceON-PREM with enterprise standards and contributes to a more efficient and secure environment. Satisfies: SRG-APP-000001, SRG-APP-000023, SRG-APP-000025, SRG-APP-000033, SRG-APP-000065, SRG-APP-000118, SRG-APP-000121, SRG-APP-000148, SRG-APP-000149, SRG-APP-000150, SRG-APP-000153, SRG-APP-000154, SRG-APP-000155, SRG-APP-000157, SRG-APP-000163, SRG-APP-000164, SRG-APP-000165, SRG-APP-000166, SRG-APP-000167, SRG-APP-000168, SRG-APP-000169, SRG-APP-000170, SRG-APP-000173, SRG-APP-000176, SRG-APP-000177, SRG-APP-000183, SRG-APP-000185, SRG-APP-000345, SRG-APP-000400, SRG-APP-000401, SRG-APP-000404, SRG-APP-000405, SRG-APP-000461, SRG-APP-000700, SRG-APP-000705, SRG-APP-000710, SRG-APP-000715, SRG-APP-000720, SRG-APP-000730, SRG-APP-000735, SRG-APP-000740, SRG-APP-000815, SRG-APP-000820, SRG-APP-000825, SRG-APP-000830, SRG-APP-000835, SRG-APP-000840, SRG-APP-000845, SRG-APP-000850, SRG-APP-000855, SRG-APP-000860, SRG-APP-000865, SRG-APP-000870, SRG-APP-000875

Checks: C-76708r1113420_chk

Verify Identity Provider (IDP) settings. Administrator privileges are required. Using LDAP: 1. Log in to the admin console. 2. Navigate to Configuration >> Settings. 3. Locate the LDAP section. If LDAP (an authorized IDP) is not configured correctly or is disabled, this is not a finding. Not using LDAP: 1. Log in to the admin console. 2. Navigate to Configuration >> Settings. 3. Locate Identity Provider Settings. Review documentation of allowed IDPs. If IDP settings are not configured correctly or the IDP is disabled or not authorized, this is a finding.

Fix: F-76613r1113421_fix

Configure CylanceON-PREM to accept authentication from an external identity provider. Administrator privileges are required. Using LDAP: 1. Log in to the admin console. 2. Navigate to Configuration >> Settings. 3. Locate the LDAP section. 4. Enable Identity Provider Settings. 5. Enter the identity provider information. 6. Test the connection. 7. Click the green check. Not using LDAP: 1. Log in to the admin console. 2. Navigate to Configuration >> Settings. 3. Locate Identity Provider Settings. 4. Enable the Identity Provider toggle. 5. Enter the identity provider information. - Single Sign-On: This is the single sign-on or SAML response URL that is provided by the identity provider. - Entity ID: This is the entity ID, issuer, or application name that is provided by the identity provider. - x.509 Certificate: This is provided by the identity provider. 6. Click the green check. CylanceON-PREM will generate a Service Provider Entity ID that the identity provider will need to complete the single sign-on configuration.

b

CylanceON-PREM must be configured to initiate a session timeout after 10 minutes of inactivity.

AC-11 - Medium - CCI-000057 - V-272628 - SV-272628r1113425_rule

RMF Control

AC-11

Severity

M

CCI

CCI-000057

Version

CYLN-OP-000015

Vuln IDs

V-272628

Rule IDs

SV-272628r1113425_rule

Ensuring inactive sessions are terminated provides protection against misuse of the system. Satisfies: SRG-APP-000003, SRG-APP-000190, SRG-APP-000295

Checks: C-76709r1113423_chk

Verify Session timeout. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find Session Timeout. If the value is not set to 10 minutes, this is a finding.

Fix: F-76614r1113424_fix

Configure Session timeout. Administrator privileges are required to change Session timeout. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find "Session Timeout". Click "Edit". 4. Set to 10 minutes. 5. Click "Apply".

c

CylanceON-PREM must be configured to use TLS 1.2 or higher.

AC-17 - High - CCI-000068 - V-272629 - SV-272629r1113430_rule

RMF Control

AC-17

Severity

H

CCI

CCI-000068

Version

CYLN-OP-000025

Vuln IDs

V-272629

Rule IDs

SV-272629r1113430_rule

Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. Satisfies: SRG-APP-000014, SRG-APP-000156, SRG-APP-000172, SRG-APP-000179, SRG-APP-000219, SRG-APP-000439, SRG-APP-000440, SRG-APP-000441, SRG-APP-000442, SRG-APP-000560, SRG-APP-000565, SRG-APP-000605, SRG-APP-000645

Checks: C-76710r1113428_chk

Verify Cipher configuration. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find CylanceON-PREM Info >> Certificate Cipher. If the value is not set to Modern Mode (TLS 1.2+), this is a finding.

Fix: F-76615r1113429_fix

Configure Cipher. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find CylanceON-PREM Info >> Certificate Cipher. 4. Click "Change". 5. Select "Modern Mode (TS 1.2+)". 6. Click "Update".

b

CylanceON-PREM must be configured to show the standard mandatory DOD Notice and Consent Banner before granting access to CylanceON-PREM.

AC-8 - Medium - CCI-000048 - V-272630 - SV-272630r1113685_rule

RMF Control

AC-8

Severity

M

CCI

CCI-000048

Version

CYLN-OP-000095

Vuln IDs

V-272630

Rule IDs

SV-272630r1113685_rule

Presentation of the standard DOD Notice and Consent Banner is required to ensure privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Use the following verbiage: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner: "I've read & consent to terms in IS user agreem't." Satisfies: SRG-APP-000068, SRG-APP-000069, SRG-APP-000070

Checks: C-76711r1112738_chk

Verify Login Screen Banner. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find the Login Screen Banner and click "Edit". If the Login Screen Banner is not enabled or is not configured to display the standard DOD Notice and Consent Banner, this is a finding.

Fix: F-76616r1113684_fix

Verify Login Screen Banner. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find Login Screen Banner and click "Edit". 4. Enable Login Screen Banner. 5. Fill in the Title and Message fields with the standard DOD Notice and Consent Banner as shown in the Discussion. 6. Click the green check to save.

b

Session-only-based cookies must be enabled.

AU-10 - Medium - CCI-000166 - V-272631 - SV-272631r1112743_rule

RMF Control

AU-10

Severity

M

CCI

CCI-000166

Version

CYLN-OP-000115

Vuln IDs

V-272631

Rule IDs

SV-272631r1112743_rule

Cookies must only be allowed per session and only for approved URLs, as permanently stored cookies can be used for malicious intent. Approved URLs may be allowlisted via the "CookiesAllowedForUrls" or "SaveCookiesOnExit" policy settings, but these are not requirements.

Checks: C-76712r1112741_chk

Verify the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Configure cookies" is set to "Enabled" with the option value set to "Keep cookies for the duration of the session, except ones listed in 'SaveCookiesOnExit'". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "DefaultCookiesSetting" is not set to "REG_DWORD = 4", this is a finding.

Fix: F-76617r1112742_fix

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Configure cookies" to "Enabled" with the option value set to "Keep cookies for the duration of the session, except ones listed in 'SaveCookiesOnExit'".

b

CylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.

AU-5 - Medium - CCI-000139 - V-272632 - SV-272632r1113445_rule

RMF Control

AU-5

Severity

M

CCI

CCI-000139

Version

CYLN-OP-000180

Vuln IDs

V-272632

Rule IDs

SV-272632r1113445_rule

Integrating a Central Log Server for managing audit records enhances security monitoring, incident response, and compliance efforts. By providing centralized logging, real-time analysis, and automated alerting, a Central Log Server allows CylanceON-PREM to maintain a robust security posture and effectively respond to potential threats, ultimately contributing to the organization's overall security strategy. Satisfies: SRG-APP-000108, SRG-APP-000115, SRG-APP-000125, SRG-APP-000126, SRG-APP-000181, SRG-APP-000291, SRG-APP-000292, SRG-APP-000293, SRG-APP-000294, SRG-APP-000320, SRG-APP-000358, SRG-APP-000360, SRG-APP-000474, SRG-APP-000515, SRG-APP-000745, SRG-APP-000795

Checks: C-76713r1113443_chk

Verify SIEM, Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find Syslog/SIEM. If Syslog/SIEM is not enabled or the settings are not configured correctly, this is a finding.

Fix: F-76618r1113444_fix

Configure SIEM. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find Syslog/SIEM. 4. Click on the edit button beside Syslog/SIEM. 5. Slide the button to enable. 6. Populate the Syslog/SIEM configuration. 7. Click the green check to save.

b

CylanceON-PREM must be configured with only one local Role to be used by the account of last resort in the event the authentication server is unavailable.

SC-3 - Medium - CCI-001084 - V-272633 - SV-272633r1113481_rule

RMF Control

SC-3

Severity

M

CCI

CCI-001084

Version

CYLN-OP-000510

Vuln IDs

V-272633

Rule IDs

SV-272633r1113481_rule

CylanceON-PREM uses a third-party identity provider (IDP) for access. The use of a "break glass" account is a critical failsafe measure for emergency situations where normal administrative access is unavailable.

Checks: C-76714r1112747_chk

Verify only Administrator (break-glass user) role is local. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> Role Management. 3. Observe the list of Roles. If any Roles other than break-glass/Admin Role exist, this is a finding.

Fix: F-76619r1113480_fix

Remove any local Roles except for Administrator (break-glass user role). Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> Role Management. 3. Under "Action", click the trashcan icon. (Note: If users are associated with the Role, the trash can icon will not exist. The user will need to be deleted first. CYLN-OP-000685) 4. Click "Remove Role".

b

CylanceON-PREM must be configured to send alerts via Simple Mail Transfer Protocol (SMTP).

SI-6 - Medium - CCI-001294 - V-272634 - SV-272634r1113494_rule

RMF Control

SI-6

Severity

M

CCI

CCI-001294

Version

CYLN-OP-000560

Vuln IDs

V-272634

Rule IDs

SV-272634r1113494_rule

Failure to notify personnel of failed tests introduces a risk to the system. Corrective action and the unsecure condition(s) will remain. Satisfies: SRG-APP-000275, SRG-APP-000279, SRG-APP-000940

Checks: C-76715r1113492_chk

Verify SMTP Settings. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find SMTP. If SMTP is not enabled, this is a finding. If SMTP settings are not populated and event type notifications not enabled, this is a finding.

Fix: F-76620r1113493_fix

Configure SMTP Settings. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find SMTP and click on the edit button. 4. Slide the button to enable. 5. Populate the Syslog/SIEM configuration. 6. Click the green check to save.

b

CylanceON-PREM must enforce that all files accessed are evaluated against the AI model for potential threats.

SI-3 - Medium - CCI-001242 - V-272635 - SV-272635r1112755_rule

RMF Control

SI-3

Severity

M

CCI

CCI-001242

Version

CYLN-OP-000575

Vuln IDs

V-272635

Rule IDs

SV-272635r1112755_rule

CylanceON-PREM enforces file evaluations against its AI model to ensure proactive, predictive, and comprehensive security. Failure to scan files introduces a potential risk to the system.

Checks: C-76716r1112753_chk

Verify Background Threat Detection and File Watcher settings are enabled. Administrator rights are required. 1. Log in to the admin console. 2. Navigate to POLICIES. 3. Click on each device policy. If Background Threat Detection or File Watcher settings are disabled, this is a finding. If there are no enabled policies, this is a finding.

Fix: F-76621r1112754_fix

Configure Background Threat Detection and File Watcher settings to enabled. Administrator rights are required. 1. Log in to the admin console. 2. Navigate to POLICIES. 3. Under "Action", choose "Edit". 4. Enable "Background Threat Detection". 5. Enable "File Watcher". 6. Click "Save Policy & Finish".

b

CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

AC-6 - Medium - CCI-002235 - V-272636 - SV-272636r1113520_rule

RMF Control

AC-6

Severity

M

CCI

CCI-002235

Version

CYLN-OP-000685

Vuln IDs

V-272636

Rule IDs

SV-272636r1113520_rule

there must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources.

Checks: C-76717r1112756_chk

Verify that only admin break-glass user is local. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> User Management. 3. Observe the list of users. If any users other than break-glass/Admin user exist, this is a finding. If the break-glass/Admin user is using the default name or password, this is a finding.

Fix: F-76622r1113519_fix

Remove any local users except for the break-glass/Admin user. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to ACCESS MANAGEMENT >> User Management. 3. Under "Action", click the kebab icon. 4. Select "Delete". 5. Click "Remove User". Edit the break-glass/Admin user to not use a default name or password. Protect these credentials in accordance with internal policies.

b

CylanceON-PREM must be configured to use an external database if users exceed 30,000.

AU-4 - Medium - CCI-001849 - V-272637 - SV-272637r1113525_rule

RMF Control

AU-4

Severity

M

CCI

CCI-001849

Version

CYLN-OP-000705

Vuln IDs

V-272637

Rule IDs

SV-272637r1113525_rule

Exhausting audit log storage will introduce failures in audit logging, which will result in loss of security monitoring information. Satisfies: SRG-APP-000357, SRG-APP-000359

Checks: C-76718r1113523_chk

If there are less than 30,000 users, this requirement is Not Applicable. Verify external database. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. View Database Connection Settings. If no database settings are found, the system was installed with the local database, and default size settings are used, this is a finding.

Fix: F-76623r1113524_fix

If there are less than 30,000 users, this requirement is Not Applicable. To install CylanceON-PREM with an external database, configure the virtual appliance during setup to use the chosen external database, specifying details such as the database server address, credentials, and database name, instead of relying on the default internal database included with the appliance. After reinstalling, verify with the database administrator (DBA) that the requirement is met. Refer to https://docs.blackberry.com/en/unified-endpoint-security/cylanceonprem/cylance-on-prem-administration-guide/Configure_CylanceON-PREM_Virtual_Appliance/External_Database_Overview.

b

CylanceON-PREM must disable all functions, ports, protocols and services not required.

CM-7 - Medium - CCI-001762 - V-272638 - SV-272638r1113550_rule

RMF Control

CM-7

Severity

M

CCI

CCI-001762

Version

CYLN-OP-000815

Vuln IDs

V-272638

Rule IDs

SV-272638r1113550_rule

Unnecessary or unsecured ports, protocols, and services present many risks for attackers and may go undetected.

Checks: C-76719r1113548_chk

Verify port configuration to external subordinate services such as syslog/SEIM, SMTP, etc. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Review settings. 4. Verify the ports used are accurate. If any ports are being used that are not required, this is a finding.

Fix: F-76624r1113549_fix

Configure ports to external subordinate services such as syslog/SEIM, SMTP, etc. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Disable nonrequired features. 4. Ensure the ports used are accurate. 5. Check with subordinate systems administrators to verify and correct port settings as necessary. 6. Reboot the server.

b

CylanceON-PREM must be configured with a DOD issued certificate (or another authorizing official [AO]-approved certificate).

IA-2 - Medium - CCI-001953 - V-272639 - SV-272639r1113556_rule

RMF Control

IA-2

Severity

M

CCI

CCI-001953

Version

CYLN-OP-000835

Vuln IDs

V-272639

Rule IDs

SV-272639r1113556_rule

The DOD will only accept PKI certificates obtained from a DOD-approved internal or external certificate authority. Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of TLS certificates. This requirement focuses on communications protection for the CylanceON-PREM session rather than for the network packet. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and Service-Oriented Architectures (SOAs). Using a trusted access credential reduces risk of unauthorized access. Satisfies: SRG-APP-000391, SRG-APP-000175, SRG-APP-000392, SRG-APP-000402, SRG-APP-000403, SRG-APP-000427

Checks: C-76720r1113555_chk

Verify Certificate-Based Authentication Settings. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find Certificate-Based Authentication. 4. Click "Edit" to open configuration. If Certificate-Based Authentication is not enabled, this is a finding. If the certificate is not a DOD-issued certificate (or other AO-approved certificate), this is a finding.

Fix: F-76625r1112766_fix

Configure Certificate-Based Authentication Settings. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to CONFIGURATION >> Settings. 3. Find Certificate-Based Authentication. 4. Click "Edit" to open configuration. 5. Turn on the Certificate-Based Authentication setting. 6. Click "Add Certificate". 7. Browse for the file or drag and drop the file to upload it. (Note: The certificate must be a DOD-issued certificate or other AO-approved certificate.) 8. Click "Upload Certificate". 9. Click the green check to save changes.

b

CylanceON-PREM must be running the latest release.

SI-2 - Medium - CCI-002605 - V-272640 - SV-272640r1113602_rule

RMF Control

SI-2

Severity

M

CCI

CCI-002605

Version

CYLN-OP-001035

Vuln IDs

V-272640

Rule IDs

SV-272640r1113602_rule

Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously. Organization-defined time periods for updating security-relevant software may vary based on a variety of factors including, for example, the security category of the information system or the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw). This requirement will apply to software patch management solutions that are used to install patches across the enclave and also to applications themselves that are not part of that patch management solution. For example, many browsers today provide the capability to install their own patch software. Patch criticality, as well as system criticality will vary. Therefore, the tactical situations regarding the patch management process will also vary. This means that the time period used must be a configurable parameter. Time frames for application of security-relevant software updates may be dependent upon the Information Assurance Vulnerability Management (IAVM) process. CylanceON-PREM will be configured to check for and install security-relevant software updates within an identified time period from the availability of the update. The specific time period will be defined by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

Checks: C-76721r1112768_chk

Verify the system is the latest release. Administrator access is required. Verify the version: 1. Navigate to CONFIGURATION >> Settings. 2. Verify the version. If the system is not at the latest released version, this is a finding.

Fix: F-76626r1113601_fix

Administrator access is required to upgrade the system. 1. Log in to the Cylance support portal (myAccount.blackberry.com) and download the latest On-Prem update package. 2. Enable Maintenance Mode. 3. Take VM Snapshots for back up purposes. 4. Navigate to CONFIGURATION >> Settings. 5. Under "CylanceON-PREM Info", select "Upgrade". 6. Choose the latest CylanceON-PREM file and click "Start Upgrade". Monitor for the "Update is in progress" message and a "Successful update" notification upon completion. The appliance will then restart automatically.

b

CylanceON-PREM must be restarted every 30 days to invoke health checks.

SI-6 - Medium - CCI-002699 - V-272641 - SV-272641r1112773_rule

RMF Control

SI-6

Severity

M

CCI

CCI-002699

Version

CYLN-OP-001105

Vuln IDs

V-272641

Rule IDs

SV-272641r1112773_rule

Restarting CylanceON-PREM every 30 days ensures system stability and performance. Regular health checks of the system reduce the risk of security function failures in the system. Satisfies: SRG-APP-000473, SRG-APP-000475

Checks: C-76722r1112771_chk

Verify the reboot date. Administrator privileges are required. 1. Click AUDIT LOGS. 2. Search for "Reboot" and note the date. If date is more than 30 days in the past, this is a finding.

Fix: F-76627r1112772_fix

Reboot the server. Administrator privileges are required. 1. Perform a backup. 2. Navigate to CONFIGURATION >> Settings. 3. Enable Maintenance Mode. 4. Click on "Reboot".

b

All associated custom applications, including API endpoints, must be inventoried and managed.

CM-6 - Medium - CCI-000366 - V-272642 - SV-272642r1113686_rule

RMF Control

CM-6

Severity

M

CCI

CCI-000366

Version

CYLN-OP-001270

Vuln IDs

V-272642

Rule IDs

SV-272642r1113686_rule

The Console Applications page provides integration with the CylanceON-PREM API. An application has a unique application ID and application secret for generating an access token, which is used to access the API. Administrators create the applications, then give API users the application ID and application secret. Inventorying and managing CylanceON-PREM's associated custom applications and API endpoints is critical for securing the environment, ensuring compliance, minimizing risks, maintaining operational efficiency, and improving incident response. By knowing what applications and APIs exist and how they function, organizations can enhance the ability to protect, monitor, and manage systems effectively, thus safeguarding sensitive data and improving overall security posture.

Checks: C-76723r1113645_chk

Review the Console Applications. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to Configuration >> Applications. 3. Review the documentation of allowed applications. 4. Review the internal documentation for the location and protection of application ID and application secret. 5. All APIs must be documented. 6. Verify that controls are in place for who has access to APIs and where YAML files are stored. If any applications exist that are not documented, this is a finding. If application ID and application secrets are not documented and stored in the authorized location, this is a finding. If any APIs are in use and not documented, this is a finding. If the location and access of YAML files are not documented, this is a finding. If any of the above is documented but not adhered to, this is a finding.

Fix: F-76628r1113646_fix

Manage Custom Applications. Administrator privileges are required. 1. Log in to the admin console. 2. Navigate to Configuration >> Applications. 2a. To edit an application: - Click the "Edit" icon. - Update the application name or permissions. - Click the green check to save. 2b. To remove an application: - Click the trash can icon. - Click "Remove Application". 2c. To view the YAML file, click the API Documentation link.

Checks: C-76708r1113420_chk

Fix: F-76613r1113421_fix

Generate Mitigation Statement:

Checks: C-76709r1113423_chk

Fix: F-76614r1113424_fix

Generate Mitigation Statement:

Checks: C-76710r1113428_chk

Fix: F-76615r1113429_fix

Generate Mitigation Statement:

Checks: C-76711r1112738_chk

Fix: F-76616r1113684_fix

Generate Mitigation Statement:

Checks: C-76712r1112741_chk

Fix: F-76617r1112742_fix

Generate Mitigation Statement:

Checks: C-76713r1113443_chk

Fix: F-76618r1113444_fix

Generate Mitigation Statement:

Checks: C-76714r1112747_chk

Fix: F-76619r1113480_fix

Generate Mitigation Statement:

Checks: C-76715r1113492_chk

Fix: F-76620r1113493_fix

Generate Mitigation Statement:

Checks: C-76716r1112753_chk

Fix: F-76621r1112754_fix

Generate Mitigation Statement:

Checks: C-76717r1112756_chk

Fix: F-76622r1113519_fix

Generate Mitigation Statement:

Checks: C-76718r1113523_chk

Fix: F-76623r1113524_fix

Generate Mitigation Statement:

Checks: C-76719r1113548_chk

Fix: F-76624r1113549_fix

Generate Mitigation Statement:

Checks: C-76720r1113555_chk

Fix: F-76625r1112766_fix

Generate Mitigation Statement:

Checks: C-76721r1112768_chk

Fix: F-76626r1113601_fix

Generate Mitigation Statement:

Checks: C-76722r1112771_chk

Fix: F-76627r1112772_fix

Generate Mitigation Statement:

Checks: C-76723r1113645_chk

Fix: F-76628r1113646_fix

Generate Mitigation Statement: