STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SPEC Innovations Innoslate 4.x Security Technical Implementation Guide

V-254093

CAT I (High)

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

Rule ID

SV-254093r845255_rule

STIG

SPEC Innovations Innoslate 4.x Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000185CCI-000186CCI-000194CCI-000195CCI-000198CCI-000199CCI-000765CCI-001619CCI-001683CCI-001684CCI-001685CCI-001686CCI-001844CCI-001953CCI-001954CCI-001991CCI-002009CCI-002010CCI-002011CCI-002014CCI-002041CCI-002130CCI-002132CCI-002145CCI-002361CCI-002470

Discussion

Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., cryptographic identification device, token); or (iii) Something a user is (e.g., biometric). A privileged account is defined as an information system account with authorizations of a privileged user. Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, or the internet). Satisfies: SRG-APP-000149, SRG-APP-000024, SRG-APP-000025, SRG-APP-000026, SRG-APP-000027, SRG-APP-000028, SRG-APP-000029, SRG-APP-000065, SRG-APP-000148, SRG-APP-000150, SRG-APP-000151, SRG-APP-000152, SRG-APP-000153, SRG-APP-000157, SRG-APP-000163, SRG-APP-000164, SRG-APP-000165, SRG-APP-000166, SRG-APP-000167, SRG-APP-000168, SRG-APP-000169, SRG-APP-000170, SRG-APP-000173, SRG-APP-000174, SRG-APP-000175, SRG-APP-000176, SRG-APP-000291, SRG-APP-000292, SRG-APP-000293, SRG-APP-000294, SRG-APP-000295, SRG-APP-000318, SRG-APP-000319, SRG-APP-000320, SRG-APP-000356, SRG-APP-000391, SRG-APP-000392, SRG-APP-000397, SRG-APP-000401, SRG-APP-000402, SRG-APP-000403, SRG-APP-000404, SRG-APP-000405, SRG-APP-000427

Check Content

1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF.
2. Find the LDAP fields.
3. Verify LDAP information is correct. If not, this is a finding.

The LDAP Fields should look (not exactly) like this:

"
LDAP_INITIAL_CONTEXT_FACTORY = com.sun.jndi.ldap.LdapCtxFactory
LDAP_PROVIDER_URLS = ldap://providerUrl.com
LDAP_SECURITY_AUTHENTICATION = none
LDAP_SECURITY_PRINCIPAL = CN=Admin Innoslate,CN=Users,DC=Innoslateactive,DC=com
LDAP_SECURITY_CREDENTIALS = password
LDAP_USER_CONTEXT = CN=Users,DC=Innoslateactive,DC=com
LDAP_USER_OBJECT_CLASS = user
LDAP_USER_UID_ATTRIBUTE = sAMAccountName
LDAP_CONNECT_TIMEOUT = 1000
LDAP_READ_TIMEOUT = 5000
LDAP_USER_EMAIL_ATTRIBUTE = mail
LDAP_USER_FIRST_NAME_ATTRIBUTE = givenName
LDAP_USER_LAST_NAME_ATTRIBUTE = sn
LDAP_USER_PHONE_NUMBER_ATTRIBUTE = telephoneNumber
LDAP_USER_COMPANY_ATTRIBUTE = company
LDAP_USER_SEARCH_FILTER = (&(objectClass=user)(sAMAccountName={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
"

Fix Text

1. Enter settings.properties file.
2. Change the AUTHENTICATION_TYPE  to "CAC".
3. Save.
4. Restart the Innoslate service.