1. Enter the web.xml file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Search (Ctrl+f) for the "session-timeout" object (typically found on line 8). 3. Verify the time is set to 15 minutes. If not, this is a finding.
1. Enter the web.xml file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Search (Ctrl+f) for "session-timeout" object (typically found on line 8). 3. Set the time to 15 minutes. 4. Save. 5. Restart the service.
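Added example, not part of the STIG text: a scripted version of the session-timeout check. web.xml normally declares a default XML namespace, so the lookup compares local element names; the function name and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a namespaced web.xml with a non-compliant timeout.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>"""

def session_timeout_findings(web_xml_text, required_minutes=15):
    """Return a list of findings for <session-timeout> in a web.xml document."""
    root = ET.fromstring(web_xml_text)
    # With a default namespace, tags look like "{ns}session-timeout", so a
    # plain find("session-timeout") matches nothing. Compare local names.
    values = [el.text for el in root.iter()
              if el.tag.rsplit("}", 1)[-1] == "session-timeout"]
    if not values:
        return ["no <session-timeout> element; the container default applies"]
    findings = []
    for raw in values:
        try:
            minutes = int((raw or "").strip())
        except ValueError:
            findings.append(f"session-timeout {raw!r} is not an integer")
            continue
        if minutes != required_minutes:
            findings.append(
                f"session-timeout is {minutes}, expected {required_minutes}")
    return findings

if __name__ == "__main__":
    for finding in session_timeout_findings(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```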
1. Consult the System Administrator if needed to determine the location of the Apache Tomcat server.xml file and the network port that was specified during installation for use with Innoslate. The default is 8443; other AO-approved ports may be used.
2. Open the server.xml file with a text editor, and locate the <Connector/> element. The following is an example:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" SSLProtocol="TLSv1.2" keystoreFile="$keystorepath" keystorePass="123456" keyAlias="tomcatssl" />

If "port" is not set to 8443, or other AO-approved port, this is a finding.
If "protocol" is not set to "org.apache.coyote.http11.Http11NioProtocol", this is a finding.
If "SSLEnabled" is not set to "true", this is a finding.
If "scheme" is not set to "https", this is a finding.
If "secure" is not set to "true", this is a finding.
If "SSLProtocol" or "SSLEnabledProtocols" is not set to "TLSv1.2", this is a finding. The name of this flag varies with Tomcat versions.
1. Open the server.xml file inside the conf folder of the Tomcat installation (i.e., "C:\Innoslate4\apache-tomcat\conf" or "$CATALINA_BASE/conf/server.xml"). Add a connector tag for the HTTPS scheme with port 8443 (or other AO-approved port) using the following example:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="C:\Innoslate4\apache-tomcat-8.5.30\conf\keystore.jks" keystorePass="123456" keyAlias="tomcatssl" />

2. Set "port" to 8443, or other AO-approved port. Set "protocol" to "org.apache.coyote.http11.Http11NioProtocol". Set "SSLEnabled" to "true". Set "scheme" to "https". Set "secure" to "true". Set "SSLProtocol" or "SSLEnabledProtocols" to "TLSv1.2". The name of this flag varies with Tomcat versions. Set "keystoreFile" to the path of the keystore utilized by the system, and set the associated password with "keystorePass".
3. Save the server.xml file.
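Added example, not part of the STIG text: the Connector check above expressed as a script that reports findings for each Connector in server.xml. The function names and the sample server.xml are constructed; matching the TLS flag name case-insensitively is an assumption made because the examples above spell it both "SSLProtocol" and "sslProtocol".

```python
import xml.etree.ElementTree as ET

# Required values, taken from the check text above.
REQUIRED = {
    "protocol": "org.apache.coyote.http11.Http11NioProtocol",
    "SSLEnabled": "true",
    "scheme": "https",
    "secure": "true",
}
# Flag name varies with Tomcat version; compared case-insensitively (assumption).
TLS_FLAGS = {"sslprotocol", "sslenabledprotocols"}

# Constructed sample: one plain HTTP connector and one compliant HTTPS connector.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLSv1.2"
             keystoreFile="KEYSTORE_PATH" keystorePass="PLACEHOLDER"
             keyAlias="tomcatssl"/>
</Service></Server>"""

def audit_connector(conn, approved_ports=("8443",)):
    """Return a list of finding strings for one <Connector> element."""
    findings = []
    if conn.get("port") not in approved_ports:
        findings.append(f"port={conn.get('port')!r} is not an approved port")
    for name, want in REQUIRED.items():
        if conn.get(name) != want:
            findings.append(f"{name}={conn.get(name)!r}, expected {want!r}")
    tls = [v for k, v in conn.attrib.items() if k.lower() in TLS_FLAGS]
    if not tls or any(v != "TLSv1.2" for v in tls):
        findings.append(f"TLS flag is {tls or 'missing'}, expected 'TLSv1.2'")
    return findings

def audit_server_xml(xml_text, approved_ports=("8443",)):
    """Map each Connector's port to its findings (empty list = compliant)."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c, approved_ports)
            for c in root.iter("Connector")}

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE).items():
        print(port, "OK" if not findings else findings)
```

Pass the AO-approved ports as strings in approved_ports when a port other than 8443 is in use.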
1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Find the "default organization" field. 3. Enter the name of the default organization to which users are automatically added once they sign in. 4. Find the "Email notifications" fields. 5. Verify the email information is correct. If not, this is a finding.
1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Find the "default organization" field. 3. Enter the name of the default organization to which users are automatically added once they sign in. 4. Find the "Email notifications" fields. 5. Add the email information in the required fields. 6. Save. 7. Restart the service.
1. Sign in with an Admin account. 2. Enter the Admin Dashboard. 3. Click on the "Organization" tab. 4. Find the "Roles" section. 5. Select the role to verify. 6. Ensure Administrative roles are separated from End User roles. Otherwise, this is a finding.
1. Sign in with an Admin account. 2. Enter the Admin Dashboard. 3. Click on the "Organization" tab. 4. Find the "Roles" section. 5. Select the role to verify. 6. Verify via checkboxes that the role has the correct permissions applied. 7. Click "Edit" if changes are needed. 8. Select the appropriate role permissions to separate Administrative Users from End Users. 9. Click "Update". 10. Verify changes were made.
1. Sign in as owner of project. 2. Enter Schema Editor. 3. Click "Workflow". 4. Verify permissions are applied to the workflow classes specified. If not, this is a finding.
1. Sign in as owner of project. 2. Enter Schema Editor. 3. Click "Workflow". 4. Verify permissions are applied to the workflow classes specified.
1. Sign in to Innoslate. 2. Enter a project. 3. If the DoD Banner does not appear correctly, this is a finding.
1. Sign in to Innoslate. 2. Enter a project. 3. In the top right, select the "Gear" icon, and then select "Banner". 4. Insert DoD Banner Text and click "Save".
1. Locate the logging.properties file in the following directory: Innoslate\apache-tomcat\conf. 2. Search "level", and check corresponding lines for the correct verbosity settings. If they are incorrect after a change, save, and service restart, this is a finding. Below is an example of the contents of the default logging.properties file.

    # Licensed to the Apache Software Foundation (ASF) under one or more
    # contributor license agreements. See the NOTICE file distributed with
    # this work for additional information regarding copyright ownership.
    # The ASF licenses this file to You under the Apache License, Version 2.0
    # (the "License"); you may not use this file except in compliance with
    # the License. You may obtain a copy of the License at
    #
    # http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

    .handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

    ############################################################
    # Handler specific properties.
    # Describes specific configuration info for Handlers.
    ############################################################

    1catalina.org.apache.juli.AsyncFileHandler.level = FINE
    1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.

    2localhost.org.apache.juli.AsyncFileHandler.level = FINE
    2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.

    3manager.org.apache.juli.AsyncFileHandler.level = FINE
    3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    3manager.org.apache.juli.AsyncFileHandler.prefix = manager.

    4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
    4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.

    java.util.logging.ConsoleHandler.level = FINE
    java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter

    ############################################################
    # Facility specific properties.
    # Provides extra control for each logger.
    ############################################################

    org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
    org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler

    org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
    org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.AsyncFileHandler

    org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
    org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.AsyncFileHandler

    # For example, set the org.apache.catalina.util.LifecycleBase logger to log
    # each component that extends LifecycleBase changing state:
    #org.apache.catalina.util.LifecycleBase.level = FINE

    # To see FINE messages in TldLocationsCache, uncomment the following line:
    #org.apache.jasper.compiler.TldLocationsCache.level = FINE

    # To see FINE messages for HTTP/2 handling, uncomment the following line:
    #org.apache.coyote.http2.level = FINE

    # To see FINE messages for WebSocket handling, uncomment the following line:
    #org.apache.tomcat.websocket.level = FINE
1. Locate the logging.properties file in the following directory: Innoslate4\apache-tomcat\conf. 2. Search "level" and modify corresponding lines to be set to FINE or VERBOSE as needed.
1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Find the LDAP fields. 3. Verify LDAP information is correct. If not, this is a finding. The LDAP fields should look similar to (but not exactly like) this:

    LDAP_INITIAL_CONTEXT_FACTORY = com.sun.jndi.ldap.LdapCtxFactory
    LDAP_PROVIDER_URLS = ldap://providerUrl.com
    LDAP_SECURITY_AUTHENTICATION = none
    LDAP_SECURITY_PRINCIPAL = CN=Admin Innoslate,CN=Users,DC=Innoslateactive,DC=com
    LDAP_SECURITY_CREDENTIALS = password
    LDAP_USER_CONTEXT = CN=Users,DC=Innoslateactive,DC=com
    LDAP_USER_OBJECT_CLASS = user
    LDAP_USER_UID_ATTRIBUTE = sAMAccountName
    LDAP_CONNECT_TIMEOUT = 1000
    LDAP_READ_TIMEOUT = 5000
    LDAP_USER_EMAIL_ATTRIBUTE = mail
    LDAP_USER_FIRST_NAME_ATTRIBUTE = givenName
    LDAP_USER_LAST_NAME_ATTRIBUTE = sn
    LDAP_USER_PHONE_NUMBER_ATTRIBUTE = telephoneNumber
    LDAP_USER_COMPANY_ATTRIBUTE = company
    LDAP_USER_SEARCH_FILTER = (&(objectClass=user)(sAMAccountName={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
1. Enter settings.properties file. 2. Change the AUTHENTICATION_TYPE to "CAC". 3. Save. 4. Restart the Innoslate service.
Open the settings.properties file [Path] and verify the AUTHENTICATION_TYPE is set to "CAC". If AUTHENTICATION_TYPE is not set to "CAC", this is a finding.
1. Open the settings.properties file [Path]. 2. Change the AUTHENTICATION_TYPE to "CAC". 3. Save. 4. Restart the Innoslate service.
1. Access the logging.properties file in the logs directory of the Innoslate files. 2. Verify the ____.apache.juli.AsyncFileHandler.directory field is set to a directory on a different system. Otherwise, this is a finding.
1. Access the logging.properties file in the logs directory of the Innoslate files. 2. Set the ____.apache.juli.AsyncFileHandler.directory fields to the directory or directories required. 3. Save. 4. Restart the service.
1. Locate the logging.properties file in the following directory: Innoslate\apache-tomcat\conf. 2. Modify lines 25, 29, 33, and 41 to be set to DEBUG or VERBOSE as needed. 3. If after a service restart the logs do not change, this is a finding.
1. Locate the logging.properties file in the following directory: Innoslate\apache-tomcat\conf. 2. Modify lines 25, 29, 33, and 41 to be set to DEBUG or VERBOSE as needed.