UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Palo Alto Networks security platform must automatically update malicious code protection mechanisms.


Overview

Finding ID Version Rule ID IA Controls Severity
V-228851 PANW-AG-000065 SV-228851r997597_rule Medium
Description
Remote access is access to DOD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include broadband and wireless connections. Remote access methods include, for example, proxied remote encrypted traffic (e.g., TLS gateways, web content filters, and webmail proxies).
STIG Date
Palo Alto Networks ALG Security Technical Implementation Guide 2024-06-17

Details

Check Text ( C-31086r997595_chk )
Go to Device >> Dynamic Updates.
If no entries for Applications and Threats are present, this is a finding.
If the Applications and Threats entry states Download Only, this is a finding.

This can be downgraded if a manual process is used. If a manual process is used, compare the Applications and Threats database for the most recent version.
Go to Dashboard >> General Information, if the application, threat, and URL filtering definition versions are not the most current ones listed on the vendor support site, this is a finding.
Fix Text (F-31063r997596_fix)
Go to Device >> Dynamic Updates; select "Check Now" at the bottom of the page to retrieve the latest signatures.
To schedule automatic signature updates. Note: The steps provided below do not account for local change management policies.
Go to Device >> Dynamic Updates; select the text to the right of Schedule.
In the "Applications and Threat Updates Schedule" window; complete the required information.
In the "Recurrence" field, select Daily.
In the "Time" field, enter the time at which you want the device to check for updates.
For the Action, select "Download and Install".
Select "OK".
Commit changes by selecting "Commit" in the upper-right corner of the screen. Select "OK" when the confirmation dialog appears.

If using Dynamic Updates is not possible due to mission requirements, implement a manual process.