UCF STIG Viewer Logo

AvePoint Compliance Guardian Security Technical Implementation Guide


Date Finding Count (10)
2023-02-21 CAT I (High): 2 CAT II (Med): 8 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-256844 High Compliance Guardian must use multifactor authentication for network access to privileged accounts.
V-256841 High Compliance Guardian must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
V-256840 Medium Compliance Guardian must initiate a session timeout after a 15-minute period of inactivity.
V-256848 Medium Compliance Guardian must only allow the use of DOD PKI established certificate authorities for verification of the establishment of protected sessions.
V-256846 Medium Compliance Guardian must accept FICAM-approved third-party credentials.
V-256847 Medium Compliance Guardian must conform to FICAM-issued profiles.
V-256845 Medium Compliance Guardian must control remote access methods.
V-256842 Medium Compliance Guardian must provide automated mechanisms for supporting account management functions.
V-256843 Medium Compliance Guardian must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-256839 Medium Compliance Guardian must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.