UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Cisco ASA IPS Security Technical Implementation Guide


Overview

Date Finding Count (23)
2021-03-15 CAT I (High): 0 CAT II (Med): 23 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-239894 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when DoS incidents are detected.
V-239895 Medium The Cisco ASA must generate an alert to organization-defined personnel and/or the firewall administrator when active propagation of malware or malicious code is detected.
V-239892 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when intrusion events are detected.
V-239893 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when threats are detected.
V-239890 Medium The Cisco ASA must be configured to block inbound traffic containing unauthorized activities or conditions.
V-239891 Medium The Cisco ASA must be configured to block outbound traffic containing unauthorized activities or conditions.
V-239874 Medium The Cisco ASA must be configured to produce audit records containing information to establish when the events occurred.
V-239875 Medium The Cisco ASA must be configured to produce audit records containing information to establish where the event was detected.
V-239876 Medium The Cisco ASA must be configured to produce audit records containing information to establish the source of the event.
V-239877 Medium The Cisco ASA must be configured to produce audit records containing information to establish the outcome of events associated with detected harmful or potentially harmful traffic.
V-239873 Medium The Cisco ASA must be configured to produce audit records containing sufficient information to establish what type of event occurred.
V-239878 Medium The Cisco ASA must be configured to log events based on policy access control rules, signatures, and anomaly analysis.
V-239879 Medium The Cisco ASA must be configured to off-load log records to a centralized log server.
V-239889 Medium The Cisco ASA must be configured to automatically install updates to signature definitions and vendor-provided rules.
V-239888 Medium The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when malicious code is detected.
V-239881 Medium The Cisco ASA must be configured to queue log records locally In the event that the central audit server is down or not reachable.
V-239880 Medium The Cisco ASA must be configured to send log records to the syslog server for specific facility and severity level.
V-239883 Medium The Cisco ASA must be configured to use Advanced Malware Protection (AMP) features to detect and block the transmission of malicious software and malware.
V-239882 Medium The Cisco ASA must be configured to block outbound traffic containing DoS attacks by ensuring an intrusion prevention policy has been applied to outbound communications traffic.
V-239885 Medium The Cisco ASA must be configured to install updates for signature definitions and vendor-provided rules.
V-239884 Medium The Cisco ASA must block any prohibited mobile code at the enclave boundary when it is detected.
V-239887 Medium The Cisco ASA must be configured to block traffic from IP addresses that have a known bad reputation based on the latest reputation intelligence.
V-239886 Medium The Cisco ASA must be configured to block malicious code.