UCF STIG Viewer Logo

Free Space Optics Device Security Technical Implementation Guide


Overview

Date Finding Count (22)
2011-10-07 CAT I (High): 5 CAT II (Med): 14 CAT III (Low): 3
STIG Description
This STIG contains the technical security controls for the operation of a Free Space Optics Device in the DoD environment.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-4582 High The IAO will ensure that all OOB management connections to the device require authentication.
V-3056 High The IAO/NSO will ensure each user accessing the device locally have their own account with username and password.
V-3143 High The IAO/NSO will ensure all default manufacturer passwords are changed.
V-3210 High The IAO/NSO will ensure that all SNMP community strings are changed from the default values.
V-3175 High The IAO will ensure that all in-band management connections to the device require authentication.
V-14891 Medium FIPS 140-2 validated encryption modules must be used to secure data in transit between free space optical (FSO) communication devices
V-3069 Medium The system administrator will ensure in-band management access to the device is secured using FIPS 140-2 approved encryption or hash algorithms such as AES, 3DES, SSH, or TLS / SSL.
V-14671 Medium The IAO will ensure all NTP-enabled devices authenticate received NTP messages.
V-14717 Medium The system administrator will ensure SSH version 2 is implemented.
V-3057 Medium The IAO/NSO will ensure all user accounts are assigned the lowest privilege level that allows them to perform their duties.
V-3014 Medium The system administrator will ensure the timeout for administrative access is set for no longer than 10 minutes.
V-14886 Medium Wireless access points and bridges must be placed in dedicated subnets outside the enclave’s perimeter.
V-28784 Medium A service or feature that calls home to the vendor must be disabled.
V-3967 Medium The system administrator will ensure the console port is configured to time out after 10 minutes or less of inactivity.
V-17821 Medium Managed NE OOBM interface is not configured with an OOBM network address.
V-17822 Medium The management interface is not configured with both an ingress and egress ACL.
V-5613 Medium The system administrator will ensure the maximum number of unsuccessful SSH login attempts is set to three, locking access to the network device.
V-5612 Medium The system administrator will ensure SSH timeout value is set to 60 seconds or less, causing incomplete SSH connections to shut down after 60 seconds or less.
V-5611 Medium The system administrator will ensure that the device only allows in-band management sessions from authorized IP addresses from the internal network.
V-23747 Low The IAO/NSO will ensure all managed network elements are configured to use two or more NTP servers to synchronize time.
V-7011 Low The system administrator will ensure that the device auxiliary port is disabled if a secured modem providing encryption and authentication is not connected.
V-3070 Low The system administrator will configure the ACL that is bound to the inband interface to log permitted and denied access attempts.