V-221609

CAT I (High)

Splunk Enterprise must use LDAPS for the LDAP connection.

Rule ID

SV-221609r961029_rule

STIG

Splunk Enterprise 7.x for Windows Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000197

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Securing the connection to the LDAP servers mitigates this risk.

Check Content

If the instance being checked is in a distributed environment and has the web interface disabled, this check is N/A.

If using SAML for authentication, this check is N/A.

Select Settings >> Access Controls >> Authentication method.

Select LDAP Settings.

Select the LDAP strategy and verify that SSL enabled is checked and the Port is set to 636.

If SSL enabled is not checked, and Port is not 636, this is a finding.

Fix Text

If using SAML for authentication, this fix is N/A.

Select Settings >> Access Controls >> Authentication method.

Select LDAP Settings.

Select the LDAP strategy and check the option SSL enabled.

Set Port to 636.

Edit the following file in the installation to configure Splunk to use SSL certificates:

$SPLUNK_HOME/etc/openldap/ldap.conf

Add the following line:

TLS_CACERT <path to the DoD approved certificate in PEM format>
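The check and fix above can also be verified from the configuration files. The following is an added example, not part of the STIG or of Splunk's own tooling. It assumes the LDAP strategy chosen in the web interface is stored in `authentication.conf` under the `authType`, `authSettings`, `SSLEnabled` and `port` keys (that file is not named on this page), and it treats a strategy as compliant only when SSL is enabled and the port is 636, as the verify step requires.

```python
import re

def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = stanzas.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def check_ldaps(auth_conf, ldap_conf):
    """Return findings for V-221609; an empty list means pass or N/A."""
    conf = parse_conf(auth_conf)
    auth = conf.get("authentication", {})
    if auth.get("authType", "").upper() != "LDAP":
        return []  # no active LDAP strategy (e.g. SAML): check is N/A
    findings = []
    for name in filter(None, (s.strip() for s in auth.get("authSettings", "").split(","))):
        strategy = conf.get(name, {})
        if strategy.get("SSLEnabled") != "1":
            findings.append(f"{name}: SSLEnabled is not 1")
        if strategy.get("port") != "636":
            findings.append(f"{name}: port is {strategy.get('port', 'unset')}, not 636")
    # ldap.conf must name a CA certificate; commented-out lines do not count.
    if not re.search(r"^\s*TLS_CACERT\s+\S", ldap_conf, re.MULTILINE):
        findings.append("ldap.conf: no TLS_CACERT line")
    return findings

# Constructed sample input; the stanza name and certificate path are placeholders.
AUTH_BAD = """
[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
SSLEnabled = 0
port = 389
"""
AUTH_GOOD = AUTH_BAD.replace("SSLEnabled = 0", "SSLEnabled = 1").replace("port = 389", "port = 636")
LDAP_CONF = "TLS_CACERT C:\\certs\\placeholder_ca.pem\n"

if __name__ == "__main__":
    print(check_ldaps(AUTH_BAD, LDAP_CONF))
    print(check_ldaps(AUTH_GOOD, LDAP_CONF))
```

Pass the contents of the instance's effective `authentication.conf` and of `$SPLUNK_HOME/etc/openldap/ldap.conf` to `check_ldaps`; any returned string is a finding to resolve with the Fix Text steps.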