/
rsa-archer-security-configuration-guide-baseline.json
1 lines (1 loc) · 27.2 KB
/
rsa-archer-security-configuration-guide-baseline.json
1
{"platform":{"name":"mac_os_x","release":"18.2.0"},"profiles":[{"name":"archer-baseline","version":"0.1.0","sha256":"4bd9e49391dfd78bec6feeafbe8d212581daac43fcb734473d8eff86c863e219","title":"InSpec Profile","maintainer":"The Authors","summary":"An InSpec Compliance Profile","license":"Apache-2.0","copyright":"The Authors","copyright_email":"you@example.com","supports":[],"attributes":[{"name":"url","options":{"type":"string","required":true,"default":"https://archersandbox.mitre.org/"}},{"name":"instancename","options":{"type":"string","required":true,"default":"sandy"}},{"name":"user_domain","options":{"type":"string","default":""}},{"name":"username","options":{"type":"string","required":true,"default":"inspecAPIAdmin"}},{"name":"password","options":{"type":"string","required":true,"default":"NYsAVD#u210"}},{"name":"ssl_verify","options":{"type":"boolean","default":false}}],"groups":[{"id":"controls/rsa-archer-1.12.rb","controls":["rsa-archer-1.12"]},{"id":"controls/rsa-archer-1.5.rb","controls":["rsa-archer-1.5"]},{"id":"controls/rsa-archer-1.1.rb","controls":["rsa-archer-1.1"]},{"id":"controls/rsa-archer-1.4.rb","controls":["rsa-archer-1.4"]},{"id":"controls/rsa-archer-1.3.rb","controls":["rsa-archer-1.3"]},{"id":"controls/rsa-archer-1.7.rb","controls":["rsa-archer-1.7"]},{"id":"controls/rsa-archer-1.6.rb","controls":["rsa-archer-1.6"]},{"id":"controls/rsa-archer-1.2.rb","controls":["rsa-archer-1.2"]},{"id":"controls/rsa-archer-1.9.rb","controls":["rsa-archer-1.9"]},{"id":"controls/rsa-archer-1.11.rb","controls":["rsa-archer-1.11"]},{"id":"controls/rsa-archer-1.8.rb","controls":["rsa-archer-1.8"]},{"id":"controls/rsa-archer-1.10.rb","controls":["rsa-archer-1.10"]}],"controls":[{"id":"rsa-archer-1.12","title":"Account lockout period","desc":"Accounts locked due to unsuccessful logon attempts will stay locked\n until unlocked by an administrator.","descriptions":[{"label":"default","data":"Accounts locked due to unsuccessful logon attempts will stay locked\n until unlocked by an administrator."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if LockoutPeriod = 999","fix":"In security parameters, set LockoutPeriod = 999","nist":["AC-7","Rev_4"]},"code":"control 'rsa-archer-1.12' do\n title 'Account lockout period'\n desc 'Accounts locked due to unsuccessful logon attempts will stay locked\n until unlocked by an administrator.'\n impact 0.5\n tag 'check': 'In security parameters, check if LockoutPeriod = 999'\n tag 'fix': 'In security parameters, set LockoutPeriod = 999'\n tag 'nist': ['AC-7', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.LockoutPeriod') { should cmp >= 999}\n its('general_user_parameter.LockoutPeriod') { should cmp >= 999 }\n its('archer_services_parameter.LockoutPeriod') { should cmp >= 999 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.12.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.LockoutPeriod should cmp >= 999","run_time":0.438555,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.LockoutPeriod should cmp >= 999","run_time":0.00129,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.LockoutPeriod should cmp >= 999","run_time":0.001104,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.5","title":"Uppercase characters required","desc":"When passwords are changed or new passwords are established, the new\n password must contain at least one uppercase character.","descriptions":[{"label":"default","data":"When passwords are changed or new passwords are established, the new\n password must contain at least one uppercase character."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if UppercaseCharsRequired = 1","fix":"In security parameters, set UppercaseCharsRequired = 1","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.5' do\n title 'Uppercase characters required'\n desc 'When passwords are changed or new passwords are established, the new\n password must contain at least one uppercase character.'\n impact 0.5\n tag 'check': 'In security parameters, check if UppercaseCharsRequired = 1'\n tag 'fix': 'In security parameters, set UppercaseCharsRequired = 1'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.UppercaseCharsRequired') { should cmp >= 1 }\n its('general_user_parameter.UppercaseCharsRequired') { should cmp >= 1 }\n its('archer_services_parameter.UppercaseCharsRequired') { should cmp >= 1 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.5.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.UppercaseCharsRequired should cmp >= 1","run_time":0.00115,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.UppercaseCharsRequired should cmp >= 1","run_time":0.00086,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.UppercaseCharsRequired should cmp >= 1","run_time":0.000678,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.1","title":"Minimum Password Length","desc":"Passwords must be a minimum of 9 characters in length.","descriptions":[{"label":"default","data":"Passwords must be a minimum of 9 characters in length."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if MinPasswordLength = 9","fix":"In security parameters, set MinPasswordLength = 9","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.1' do\n title 'Minimum Password Length'\n desc 'Passwords must be a minimum of 9 characters in length.'\n impact 0.5\n tag 'check': 'In security parameters, check if MinPasswordLength = 9'\n tag 'fix': 'In security parameters, set MinPasswordLength = 9'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.MinPasswordLength') { should cmp >= 9 }\n its('general_user_parameter.MinPasswordLength') { should cmp >= 9 }\n its('archer_services_parameter.MinPasswordLength') { should cmp >= 9 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.1.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.MinPasswordLength should cmp >= 9","run_time":0.001195,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.MinPasswordLength should cmp >= 9","run_time":0.001196,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.MinPasswordLength should cmp >= 9","run_time":0.000921,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.4","title":"Special characters required","desc":"When passwords are changed or new passwords are established, the new\n password must contain at least one special character.","descriptions":[{"label":"default","data":"When passwords are changed or new passwords are established, the new\n password must contain at least one special character."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if SpecialCharsRequired = 1","fix":"In security parameters, set SpecialCharsRequired = 1","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.4' do\n title 'Special characters required'\n desc 'When passwords are changed or new passwords are established, the new\n password must contain at least one special character.'\n impact 0.5\n tag 'check': 'In security parameters, check if SpecialCharsRequired = 1'\n tag 'fix': 'In security parameters, set SpecialCharsRequired = 1'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.SpecialCharsRequired') { should cmp >= 1 }\n its('general_user_parameter.SpecialCharsRequired') { should cmp >= 1 }\n its('archer_services_parameter.SpecialCharsRequired') { should cmp >= 1 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.4.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.SpecialCharsRequired should cmp >= 1","run_time":0.000699,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.SpecialCharsRequired should cmp >= 1","run_time":0.000743,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.SpecialCharsRequired should cmp >= 1","run_time":0.0012,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.3","title":"Numeric characters required","desc":"When passwords are changed or new passwords are established, the new\n password must contain at least one numeric character.","descriptions":[{"label":"default","data":"When passwords are changed or new passwords are established, the new\n password must contain at least one numeric character."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if NumericCharsRequired = 1","fix":"In security parameters, set NumericCharsRequired = 1","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.3' do\n title 'Numeric characters required'\n desc 'When passwords are changed or new passwords are established, the new\n password must contain at least one numeric character.'\n impact 0.5\n tag 'check': 'In security parameters, check if NumericCharsRequired = 1'\n tag 'fix': 'In security parameters, set NumericCharsRequired = 1'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.NumericCharsRequired') { should cmp >= 1 }\n its('general_user_parameter.NumericCharsRequired') { should cmp >= 1 }\n its('archer_services_parameter.NumericCharsRequired') { should cmp >= 1 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.3.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.NumericCharsRequired should cmp >= 1","run_time":0.00088,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.NumericCharsRequired should cmp >= 1","run_time":0.00116,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.NumericCharsRequired should cmp >= 1","run_time":0.000975,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.7","title":"Password change interval","desc":"Existing passwords must be restricted to a 90-day maximum lifetime.","descriptions":[{"label":"default","data":"Existing passwords must be restricted to a 90-day maximum lifetime."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if PasswordChangeInterval = 90","fix":"In security parameters, set PasswordChangeInterval = 90","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.7' do\n title 'Password change interval'\n desc 'Existing passwords must be restricted to a 90-day maximum lifetime.'\n impact 0.5\n tag 'check': 'In security parameters, check if PasswordChangeInterval = 90'\n tag 'fix': 'In security parameters, set PasswordChangeInterval = 90'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.PasswordChangeInterval') { should cmp <= 90 }\n its('general_user_parameter.PasswordChangeInterval') { should cmp <= 90 }\n its('archer_services_parameter.PasswordChangeInterval') { should cmp <= 90 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.7.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.PasswordChangeInterval should cmp <= 90","run_time":0.000916,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.PasswordChangeInterval should cmp <= 90","run_time":0.000986,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.PasswordChangeInterval should cmp <= 90","run_time":0.000745,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.6","title":"Lowercase characters require","desc":"When passwords are changed or new passwords are assigned, the new\n password must contain at least one lowercase character.","descriptions":[{"label":"default","data":"When passwords are changed or new passwords are assigned, the new\n password must contain at least one lowercase character."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if LowercaseCharsRequired = 1","fix":"In security parameters, set LowercaseCharsRequired = 1","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.6' do\n title 'Lowercase characters require'\n desc 'When passwords are changed or new passwords are assigned, the new\n password must contain at least one lowercase character.'\n impact 0.5\n tag 'check': 'In security parameters, check if LowercaseCharsRequired = 1'\n tag 'fix': 'In security parameters, set LowercaseCharsRequired = 1'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.LowercaseCharsRequired') { should cmp >= 1 }\n its('general_user_parameter.LowercaseCharsRequired') { should cmp >= 1 }\n its('archer_services_parameter.LowercaseCharsRequired') { should cmp >= 1 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.6.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.LowercaseCharsRequired should cmp >= 1","run_time":0.000826,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.LowercaseCharsRequired should cmp >= 1","run_time":0.000675,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.LowercaseCharsRequired should cmp >= 1","run_time":0.000592,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.2","title":"Alpha characters required","desc":"When passwords are changed or new passwords are established, the new\n password must contain at least two alpha characters.","descriptions":[{"label":"default","data":"When passwords are changed or new passwords are established, the new\n password must contain at least two alpha characters."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if AlphaCharsRequired = 2","fix":"In security parameters, set AlphaCharsRequired = 2","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.2' do\n title 'Alpha characters required'\n desc 'When passwords are changed or new passwords are established, the new\n password must contain at least two alpha characters.'\n impact 0.5\n tag 'check': 'In security parameters, check if AlphaCharsRequired = 2'\n tag 'fix': 'In security parameters, set AlphaCharsRequired = 2'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.AlphaCharsRequired') { should cmp >= 2 }\n its('general_user_parameter.AlphaCharsRequired') { should cmp >= 2 }\n its('archer_services_parameter.AlphaCharsRequired') { should cmp >= 2 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.2.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.AlphaCharsRequired should cmp >= 2","run_time":0.000702,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.AlphaCharsRequired should cmp >= 2","run_time":0.001005,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.AlphaCharsRequired should cmp >= 2","run_time":0.000843,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.9","title":"Grace logons","desc":"After password expiration, zero grace logons are permitted using the\n expired password.","descriptions":[{"label":"default","data":"After password expiration, zero grace logons are permitted using the\n expired password."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if GraceLogins = 0","fix":"In security parameters, set GraceLogins = 0","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.9' do\n title 'Grace logons'\n desc 'After password expiration, zero grace logons are permitted using the\n expired password.'\n impact 0.5\n tag 'check': 'In security parameters, check if GraceLogins = 0'\n tag 'fix': 'In security parameters, set GraceLogins = 0'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.GraceLogins') { should cmp 0 }\n its('general_user_parameter.GraceLogins') { should cmp 0 }\n its('archer_services_parameter.GraceLogins') { should cmp 0 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.9.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.GraceLogins should cmp == 0","run_time":0.000726,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.GraceLogins should cmp == 0","run_time":0.000747,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.GraceLogins should cmp == 0","run_time":0.000677,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.11","title":"Session time-out","desc":"The operating system must initiate a session time-out after a 10 minute\n period of inactivity","descriptions":[{"label":"default","data":"The operating system must initiate a session time-out after a 10 minute\n period of inactivity"}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if SessionTimeout = 10","fix":"In security parameters, set SessionTimeout = 10","nist":["AC-11","Rev_4"]},"code":"control 'rsa-archer-1.11' do\n title 'Session time-out'\n desc 'The operating system must initiate a session time-out after a 10 minute\n period of inactivity '\n impact 0.5\n tag 'check': 'In security parameters, check if SessionTimeout = 10'\n tag 'fix': 'In security parameters, set SessionTimeout = 10'\n tag 'nist': ['AC-11', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.SessionTimeout') { should cmp <= 10 }\n its('general_user_parameter.SessionTimeout') { should cmp <= 10 }\n its('archer_services_parameter.SessionTimeout') { should cmp <= 10 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.11.rb"},"results":[{"status":"failed","code_desc":"Archer Instance sandy default_administrative_user.SessionTimeout should cmp <= 10","run_time":0.02245,"start_time":"2018-11-21T11:34:45-05:00","message":"\nexpected it to be <= 10\n got: 90\n\n(compared using `cmp` matcher)\n"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.SessionTimeout should cmp <= 10","run_time":0.000878,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"failed","code_desc":"Archer Instance sandy archer_services_parameter.SessionTimeout should cmp <= 10","run_time":0.00091,"start_time":"2018-11-21T11:34:45-05:00","message":"\nexpected it to be <= 10\n got: 30\n\n(compared using `cmp` matcher)\n"}]},{"id":"rsa-archer-1.8","title":"Previous passwords disallowed","desc":"Passwords must be prohibited from reuse for a minimum of 20 generations.","descriptions":[{"label":"default","data":"Passwords must be prohibited from reuse for a minimum of 20 generations."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if PreviousPasswordsDisallowed = 20","fix":"In security parameters, set PreviousPasswordsDisallowed = 20","nist":["IA-5(1)","Rev_4"]},"code":"control 'rsa-archer-1.8' do\n title 'Previous passwords disallowed'\n desc 'Passwords must be prohibited from reuse for a minimum of 20 generations.'\n impact 0.5\n tag 'check': 'In security parameters, check if PreviousPasswordsDisallowed = 20'\n tag 'fix': 'In security parameters, set PreviousPasswordsDisallowed = 20'\n tag 'nist': ['IA-5(1)', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.PreviousPasswordsDisallowed') { should cmp >= 20 }\n its('general_user_parameter.PreviousPasswordsDisallowed') { should cmp >= 20 }\n its('archer_services_parameter.PreviousPasswordsDisallowed') { should cmp >= 20 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.8.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.PreviousPasswordsDisallowed should cmp >= 20","run_time":0.00081,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.PreviousPasswordsDisallowed should cmp >= 20","run_time":0.000745,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.PreviousPasswordsDisallowed should cmp >= 20","run_time":0.000866,"start_time":"2018-11-21T11:34:45-05:00"}]},{"id":"rsa-archer-1.10","title":"Maximum failed logon attempts","desc":"Accounts subject to 3 unsuccessful logon attempts must be locked.","descriptions":[{"label":"default","data":"Accounts subject to 3 unsuccessful logon attempts must be locked."}],"impact":0.5,"refs":[],"tags":{"check":"In security parameters, check if MaximumFailedLoginAttempts = 3","fix":"In security parameters, set MaximumFailedLoginAttempts = 3","nist":["AC-7","Rev_4"]},"code":"control 'rsa-archer-1.10' do\n title 'Maximum failed logon attempts'\n desc 'Accounts subject to 3 unsuccessful logon attempts must be locked.'\n impact 0.5\n tag 'check': 'In security parameters, check if MaximumFailedLoginAttempts = 3'\n tag 'fix': 'In security parameters, set MaximumFailedLoginAttempts = 3'\n tag 'nist': ['AC-7', 'Rev_4']\n\n archer_api_helper = archer(url: attribute('url'),\n instancename: attribute('instancename'),\n user_domain: attribute('user_domain'),\n username: attribute('username'),\n password: attribute('password'),\n ssl_verify: attribute('ssl_verify'))\n\n describe archer_api_helper do\n its('default_administrative_user.MaximumFailedLoginAttempts') { should cmp 3 }\n its('general_user_parameter.MaximumFailedLoginAttempts') { should cmp 3 }\n its('archer_services_parameter.MaximumFailedLoginAttempts') { should cmp 3 }\n end\nend\n","source_location":{"line":1,"ref":"./controls/rsa-archer-1.10.rb"},"results":[{"status":"passed","code_desc":"Archer Instance sandy default_administrative_user.MaximumFailedLoginAttempts should cmp == 3","run_time":0.000748,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy general_user_parameter.MaximumFailedLoginAttempts should cmp == 3","run_time":0.000647,"start_time":"2018-11-21T11:34:45-05:00"},{"status":"passed","code_desc":"Archer Instance sandy archer_services_parameter.MaximumFailedLoginAttempts should cmp == 3","run_time":0.000755,"start_time":"2018-11-21T11:34:45-05:00"}]}],"status":"loaded"}],"statistics":{"duration":0.501324},"version":"3.0.52"}