Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Log on to the GSA management interface. Click Administration >> Remote Support. If "Enable SSH for Remote Support" is unchecked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Click Administration >> Remote Support. Uncheck the option "Enable SSH for Remote Support". Click Update.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Click Administration >> LDAP Setup. If valid LDAP information is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Click Administration >> LDAP Setup. Click Create. In the LDAP Directory Server Address section, enter the following information: Host - LDAP directory server's host name, which is a fully-qualified domain name or an IPv4 address. Port number (optional) - the port number where the LDAP server listens for requests. If the LDAP server does not allow anonymous users to search, enter the following user credentials that the search appliance uses when logging into the LDAP server: Distinguished Name (DN) - A login on the LDAP server to which the search appliance connects to send authentication requests. If the LDAP server supports anonymous binds (authentication requests), the site does not need to specify a DN. Password (optional) - The password for the DN. Click Continue. The search appliance attempts to auto-detect the settings of the LDAP Search Base, the User Search Filter, the Group Search Filter, the Returned group format, and if SSL Support exists and displays what it has detected. The advanced settings appear. If the LDAP server is used to authenticate administrators to the search appliance, specify the LDAP groups against which they will be authenticated: Superuser Group - Any member of this group is considered an Admin Console administrator. Manager Group - Any member of this group is considered an Admin Console manager. An example of a superuser group name is "GSAAdmins" and an example of a manager group name is "GSAManagers." As shown in these examples, do not specify the entire DN in group names. Test the LDAP server settings for a potential search user by entering the following information in the LDAP Search User Authentication Test box and clicking Test LDAP Settings: Username - The user name that enables the search appliance to connect to the LDAP server (relative to the search base). Password - The password the user name that enables the search appliance to connect to the LDAP server. Configuring one or more LDAP servers on a search appliance. Editing an LDAP server configuration. Deleting an LDAP server configuration. Notes: Configure LDAP server if possible. LDAP (Lightweight Directory Access Protocol) is used to authenticate users before returning secure search results. When a user connects to the Google Search Appliance and requests a search for secure results, the search appliance asks for credentials from the user. These credentials are then forwarded to the LDAP server for validation. The user can use either LDAP or Kerberos, but not both.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Log on to the GSA Admin Console. Select "Administration". Select "User Accounts". If there are appropriate "manager" and "admin" accounts per site specific organizational requirement guidance, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Log on to the GSA Admin Console. Select "Administration". Select "User Accounts". Create the appropriate "manager" and "admin" accounts per site specific organizational requirement guidance.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Login Terms". If "Enable Login Terms Banner" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Login Terms". Enable option "Enable Login Terms Banner". Enter banner information. Click Save. Notes: DoD Login Banners: You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests- -not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details. OR I've read & consent to terms in IS user agreem't.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Login Terms". If "Enable Login Terms Banner" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Login Terms". Enable option "Enable Login Terms Banner". Enter banner information. Click Save. Notes: DoD Login Banners: You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests- -not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Login Terms". If "Enable Login Terms Banner" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Login Terms". Enable option "Enable Login Terms Banner". Enter banner information. Click Save. Notes: DoD Login Banners: You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests- -not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details. OR I've read & consent to terms in IS user agreem't.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". If a valid Syslog server is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". Enter a valid Syslog server information. Click Save. Notes: Centralized logging provides the search appliance logs user search queries. If the Syslog Server value is set, the search appliance sends the log messages to the syslog server every five minutes, assigning the messages the priority "Informational." If there weren't any new searches between the previous run and the new run, the search appliance doesn't send anything to the syslog server.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If only valid emails addresses are entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Enter valid email addresses that the audit failures need to be sent to be reviewed.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If valid email addresses are entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Enter valid email addresses that the audit failures need to be sent to be reviewed.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If valid email addresses are entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Enter valid email addresses that the audit failures need to be sent to be reviewed.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". If there are valid entries for all DNS servers, DNS suffixes, SMTP servers, NTP servers, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". Ensure that valid entries for all DNS servers, DNS suffixes, SMTP servers, NTP servers.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". If the "Facility" setting is enabled, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". Ensure that "Facility" setting is enabled. Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Log on to the GSA Admin Console. Select "Administration". Select "User Accounts". If there are individual "manager" and "admin" accounts per site specific organizational requirements, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Log on to the GSA Admin Console. Select "Administration". Select "User Accounts". Create appropriate "manager" and "admin" accounts per site specific organizational requirement guidance.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Prevent browsers from saving user credentials on the Admin Console and Version Manager login pages" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Prevent browsers from saving user credentials on the Admin Console and Version Manager login pages". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "SSL Settings". Under "Other Settings" - If "Use HTTPS when serving both public and secure results" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "SSL Settings". Under "Other Settings" - Enable option "Use HTTPS when serving both public and secure results". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - If "Use strict password checking" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "User Accounts". Under "Other Settings" - Enable option "Use strict password checking". Click Save.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". Ensure that a valid Syslog server is entered correctly. If events are sent and recorded on the Syslog server, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". Enter a valid Syslog server. Ensure that events are sent and recorded on the Syslog server.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "SSL Settings". If "Enable Server Certificate Authentication" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "SSL Settings". Enable the option "Enable Server Certificate Authentication".
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If "Enable Daily Status Email Messages" is checked and a valid administrator email address is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Select "Enable Daily Status Email Messages" and enter a valid administrator email address.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "SSL Settings". Under "Other Settings" - If "Use HTTPS when serving both public and secure results" is checked, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "SSL Settings". Under "Other Settings" - Select "Use HTTPS when serving both public and secure results".
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If "Enable Daily Status Email Messages" is checked and a valid administrator email address is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Select "Enable Daily Status Email Messages" and enter a valid administrator email address.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If "Enable Daily Status Email Messages" is checked and a valid administrator email address is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Select "Enable Daily Status Email Messages" and enter a valid administrator email address.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If "Enable Daily Status Email Messages" is checked and a valid administrator email address is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Select "Enable Daily Status Email Messages" and enter a valid administrator email address.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If "Enable Daily Status Email Messages" is checked and a valid administrator email address is entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Select "Enable Daily Status Email Messages" and enter a valid administrator email address.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". In the "Static Routes" field, ensure the required static routes are entered with one route per line. If proper destination host or network IP address, netmask, and destination gateway for a particular static route are entered, this is not a finding.
Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". In the "Static Routes" field, ensure the required static routes are entered with one route per line. Ensure that the destination host or network IP address, netmask, and destination gateway for a particular static route are entered on one line with a space between each part of the route. Click Update Setting and Perform Diagnostics.