The ISEC7 SPHERE must accept Personal Identity Verification (PIV) credentials.
An XCCDF Rule
Description
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DOD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.
- ID
- SV-224769r1013821_rule
- Version
- ISEC-06-001730
- Severity
- Low
- References
- Updated
Remediation Templates
A Manual Procedure
Log in to the ISEC7 SPHERE Console.
Navigate to Administration >> Configuration >> LDAP.
Check "Also enable user certificate logins. e.g. from smart cards (CAC)".
Check "Only allow certificates with extended key usage for smartcard logon (1.3.6.1.4.1.311.20.2.2)".
Browse to %Install Drive%/Program Files >> ISEC7 SPHERE >> Tomcat >> conf.
Open the server.xml file and add clientAuth="required" under the Connection.