
Cisco ASA IPS Security Technical Implementation Guide


Overview

Date: 2021-03-15
Finding Count (23): CAT I (High): 0, CAT II (Med): 23, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-239894 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when DoS incidents are detected.
V-239895 Medium The Cisco ASA must generate an alert to organization-defined personnel and/or the firewall administrator when active propagation of malware or malicious code is detected.
V-239892 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when intrusion events are detected.
V-239893 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when threats are detected.
V-239890 Medium The Cisco ASA must be configured to block inbound traffic containing unauthorized activities or conditions.
V-239891 Medium The Cisco ASA must be configured to block outbound traffic containing unauthorized activities or conditions.
V-239874 Medium The Cisco ASA must be configured to produce audit records containing information to establish when the events occurred.
V-239875 Medium The Cisco ASA must be configured to produce audit records containing information to establish where the event was detected.
V-239876 Medium The Cisco ASA must be configured to produce audit records containing information to establish the source of the event.
V-239877 Medium The Cisco ASA must be configured to produce audit records containing information to establish the outcome of events associated with detected harmful or potentially harmful traffic.
V-239873 Medium The Cisco ASA must be configured to produce audit records containing sufficient information to establish what type of event occurred.
V-239878 Medium The Cisco ASA must be configured to log events based on policy access control rules, signatures, and anomaly analysis.
V-239879 Medium The Cisco ASA must be configured to off-load log records to a centralized log server.
V-239889 Medium The Cisco ASA must be configured to automatically install updates to signature definitions and vendor-provided rules.
V-239888 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when malicious code is detected.
V-239881 Medium The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable.
V-239880 Medium The Cisco ASA must be configured to send log records to the syslog server for specific facility and severity level.
V-239883 Medium The Cisco ASA must be configured to use Advanced Malware Protection (AMP) features to detect and block the transmission of malicious software and malware.
V-239882 Medium The Cisco ASA must be configured to block outbound traffic containing DoS attacks by ensuring an intrusion prevention policy has been applied to outbound communications traffic.
V-239885 Medium The Cisco ASA must be configured to install updates for signature definitions and vendor-provided rules.
V-239884 Medium The Cisco ASA must block any prohibited mobile code at the enclave boundary when it is detected.
V-239887 Medium The Cisco ASA must be configured to block traffic from IP addresses that have a known bad reputation based on the latest reputation intelligence.
V-239886 Medium The Cisco ASA must be configured to block malicious code.