From ArcGIS for Server 10.3 Security Technical Implementation Guide
Part of SRG-APP-000231
Associated with: CCI-001199
Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive) within an organizational information system. Mobile devices, laptops, desktops, and storage devices can be either lost or stolen, and the contents of their data storage (e.g., hard drives and non-volatile memory) can be read, copied, or altered. Applications and application users generate information throughout the course of their application use.
Review the ArcGIS Server configuration to ensure mechanisms that protect the confidentiality and integrity of all information at rest are provided. Substitute the target environment’s values for [bracketed] variables. 1. Log on to https://[server.domain.com]:6443/arcgis/admin/data/items/fileShares ("Primary Site Administrator" account access is required.) Open each "Child Items" entry >> click "Edit". Note the "path" value. For example, "path": "\\[server.domain.com\share". Verify the infrastructure system(s) that supply each path implement FIPS 140-2 compliant encryption at rest, such as through the use of BitLocker full disk encryption. If any infrastructure system(s) that supply each path do not implement FIPS 140-2 compliant encryption at rest, such as through the use of BitLocker full disk encryption, this is a finding. 2. Log on to https://[server.domain.com]:6443/arcgis/admin/data/items/enterpriseDatabases ("Primary Site Administrator" account access is required.) Open each "Child Items" entry >> click "Edit". Note the "info" values "SERVER", "DBCLIENT", and "DATABASE", for example: 'SERVER=dbserver', 'DBCLIENT=sqlserver', 'DATABASE=vtest'; Verify on each "SERVER", "DBCLIENT", and "DATABASE", that these systems implement FIPS 140-2 compliant encryption at rest, such as through the use of SQL Server TDE (Transparent Data Encryption). If any "SERVER", "DBCLIENT", and "DATABASE" do not implement FIPS 140-2 compliant encryption at rest, such as through the use of SQL Server TDE (Transparent Data Encryption), this is a finding.
Configure the ArcGIS Server to ensure mechanisms that protect the confidentiality and integrity of all information at rest are provided. Substitute the target environment’s values for [bracketed] variables. Log on to https://[server.domain.com]:6443/arcgis/admin/data/items/fileShares ("Primary Site Administrator" account access is required.) Open each "Child Items" entry >> click "Edit". Note the "path" value. For example, "path": "\\[server.domain.com\share". Implement FIPS 140-2 compliant encryption at rest (such as BitLocker full disk encryption) on each infrastructure system that supplies each file path. Log on to https://[server.domain.com]:6443/arcgis/admin/data/items/enterpriseDatabases ("Primary Site Administrator" account access is required.) Open each "Child Items" entry >> click "Edit". Note the "info" values "SERVER", "DBCLIENT", and "DATABASE", for example: 'SERVER=dbserver', 'DBCLIENT=sqlserver', 'DATABASE=vtest'; Implement FIPS 140-2 compliant encryption at rest such as through the use of SQL Server TDE (Transparent Data Encryption) on each "SERVER", "DBCLIENT", and "DATABASE" entry identified above.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer