UCF STIG Viewer Logo

Free Space Optics Device Security Technical Implementation Guide (STIG)


Overview

Date Finding Count (22)
2013-03-14 CAT I (High): 5 CAT II (Med): 14 CAT III (Low): 3
STIG Description
This STIG contains the technical security controls for the operation of a Free Space Optics Device in the DoD environment.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-4582 High The network device must require authentication for console access.
V-3056 High Group accounts must not be configured or used for administrative access.
V-3143 High The network element must not have any default manufacturer passwords.
V-3210 High The network element must not use the default or well-known SNMP community strings public and private.
V-3175 High The network device must require authentication prior to establishing a management connection for administrative access.
V-14891 Medium FIPS 140-2 validated encryption modules must be used to secure data in transit between free space optical (FSO) communication devices
V-3069 Medium The network element must only allow management connections for administrative access using FIPS 140-2 validated encryption algorithms or protocols.
V-14671 Medium The network element must authenticate all NTP messages received from NTP servers and peers.
V-14717 Medium The network element must not allow SSH Version 1 to be used for administrative access.
V-3057 Medium The network element must have all user accounts assigned to the lowest privilege level that allows each administrator to perform his or her duties.
V-3014 Medium The network element must timeout management connections for administrative access after 10 minutes or less of inactivity.
V-14886 Medium Wireless access points and bridges must be placed in dedicated subnets outside the enclave’s perimeter.
V-28784 Medium A service or feature that calls home to the vendor must be disabled.
V-3967 Medium The network element must time out access to the console port after 10 minutes or less of inactivity.
V-17821 Medium The network element’s OOBM interface must be configured with an OOBM network address.
V-17822 Medium The network elements management interface must be configured with both an ingress and egress ACL.
V-5613 Medium The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.
V-5612 Medium The network element must be configured to timeout after 60 seconds or less for incomplete or broken SSH sessions.
V-5611 Medium The network element must only allow management connections for administrative access from hosts residing in the management network.
V-23747 Low The network element must use two or more NTP servers to synchronize time.
V-7011 Low The network element’s auxiliary port must be disabled unless it is connected to a secured modem providing encryption and authentication.
V-3070 Low The network element must log all attempts to establish a management connection for administrative access.