NOTICE: Due to a lapse in annual appropriations, this website is not being updated. Learn more.

U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

RSA_Archer_eGRCPlatform_5.0_SecurityConfig 1.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
RSA Archer eGRC Platform 5.0 cpe:/a:rsa:archer_egrc_platform:5.0 (View CVEs)

Checklist Highlights

Checklist Name:
RSA_Archer_eGRCPlatform_5.0_SecurityConfig
Checklist ID:
345
Version:
1.0
Type:
Compliance
Review Status:
Final
Authority:
Software Vendor: RSA
Original Publication Date:
04/13/2011

Checklist Summary:

The purpose of the checklist is to inform customers about the security configuration options of RSA Archer as expressed in an XCCDF Policy. RSA Archer operates in a Microsoft Windows Server environment and uses Microsoft SQL Server. The checklist was developed in a Multi-Server Configuration.

Checklist Role:

  • Business Productivity Application

Known Issues:

Hardening may impact existing user access rights, permissions and password strength requirements.

Target Audience:

The intended audience is IT and Information Security professionals who would be installing the RSA Archer eGRC product and making choices about the best security settings for their operating environment. The IT professionals should have the knowledge of Microsoft Windows 2008 and Microsoft SQL Server along with the skills to install and configure on an ongoing basis as operational requirements might change. The Informational Security professionals should understand how their internal security policies translate into platform configuration and application settings. This document targets RSA Archer Administrators who are responsible for administering the RSA Archer implementation.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Windows O/S - 2008 SP2 (64-bit), SQL Server DB - 2008 SP1 (64-bit), IIS7, RSA Archer Multi-Server Configuration.

Regulatory Compliance:

NIST SP 800-53 Controls, Department of Defense [DoD] 8500). ISO 27001

Comments/Warnings/Miscellaneous:

This checklist was built using the RSA Archer Multi-Server Configuration. More robust environments will typically deploy the .NET application components across one or more web/application servers while separating the database onto its own dedicated server. Organizations typically leverage existing Microsoft SQL Server systems or clusters to fulfill the database needs of the system, reducing dedicated hardware requirements.

Disclaimer:

RSA makes no warranties with this submission. The included information is provided as is. All warranties are specifically excluded. RSA assumes no responsibility whatsoever for its use by other parties and makes no guarantees, expressed or implied about its quality, reliability or any other characteristic.

Product Support:

[email protected] or 1-800-995-5095, Option 5

Point of Contact:

[email protected]

Sponsor:

RSA, The Security Division of EMC Corporation. Dan Reddy, Consultant Product Manager, EMC Product Security Office; Peter Novosel, Director, RSA Archer Product Management

Licensing:

This checklist is copyrighted by RSA Security LLC, the Security Division of EMC Corporation, and is the sole property of RSA Security LLC.

Change History: 



					

						Dependency/Requirements:
					

					

						
							

								URL
								Description
							

						
						
							
						
					


					

						References:
					


					

						
							

								Reference URL
								Description
							

						
						
							
						
					


					

						NIST checklist record last modified on 03/22/2016