← Back to MarkLogic Server v9 Security Technical Implementation Guide

V-220384

CAT II (Medium)

MarkLogic Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with Ports, Protocols, and Services Management (PPSM) guidance.

Rule ID

SV-220384r961470_rule

STIG

MarkLogic Server v9 Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-001762

Discussion

Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

Check Content

Review the network functions, ports, protocols, and services supported by MarkLogic for any that are prohibited by the PPSM guidance.

Perform the check from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges.

1. Click the Groups icon.
2. Click the group in which the configuration to be checked resides (e.g., Default).
3. Click the App Servers icon on the left tree menu.
4. Inspect the Summary screen for the Type/Port/ and SSL configuration.
5. If any of the App Servers uses a protocol or port prohibited by the PPSM guidance, this is a finding.

Fix Text

Disable each prohibited network function, port, protocol, or service in MarkLogic.

Perform the fix from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges.

1. Click the Groups icon.
2. Click the group in which the configuration to be checked resides (e.g., Default).
3. Click the App Servers icon on the left tree menu.
4. For any App Server that uses a prohibited port or protocol either disable the App Server or reconfigure to be compliant with the PPSM.