UCF STIG Viewer Logo

Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide


Overview

Date Finding Count (60)
2019-10-01 CAT I (High): 0 CAT II (Med): 52 CAT III (Low): 8
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-62965 Medium Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one lower-case character be used.
V-62967 Medium Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one numeric character be used.
V-62961 Medium Riverbed Optimization System (RiOS) must enforce a minimum 15-character password length.
V-62847 Medium Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when local accounts are created.
V-62963 Medium Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one upper-case character be used.
V-62987 Medium Riverbed Optimization System (RiOS) must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
V-62985 Medium Riverbed Optimization System (RiOS) must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-62969 Medium Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one numeric character be used.
V-62981 Medium Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
V-62921 Medium Riverbed Optimization System (RiOS) must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).
V-62943 Medium Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally manage authentication settings.
V-62923 Medium Riverbed Optimization System (RiOS) must protect audit information from any type of unauthorized read access.
V-62925 Medium Riverbed Optimization System (RiOS) must protect audit information from unauthorized modification.
V-62901 Medium Riverbed Optimization System (RiOS) must generate an email alert of all log failure events requiring alerts.
V-62937 Medium Riverbed Optimization System (RiOS) must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
V-62929 Medium Riverbed Optimization System (RiOS) must protect audit tools from unauthorized access.
V-62861 Medium Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access.
V-62941 Medium Riverbed Optimization System (RiOS) must enable the password authentication control policy to ensure password complexity controls and other password policy requirements are enforced.
V-62863 Medium Riverbed Optimization System (RiOS) must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
V-62947 Medium Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally verify authentication settings.
V-62865 Medium Riverbed Optimization System (RiOS) must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
V-62945 Medium Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally apply authentication settings.
V-62867 Medium Riverbed Optimization System (RiOS) must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type.
V-62935 Medium Riverbed Optimization System (RiOS) must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be logged.
V-62989 Medium Riverbed Optimization System (RiOS) must generate unique session identifiers using a FIPS 140-2 approved random number generator.
V-62933 Medium Riverbed Optimization System (RiOS) must provide audit record generation capability for DoD-defined auditable events within the network device.
V-62927 Medium Riverbed Optimization System (RiOS) must protect audit information from unauthorized deletion.
V-62931 Medium Riverbed Optimization System (RiOS) must protect audit tools from unauthorized deletion.
V-62855 Medium Riverbed Optimization System (RiOS) must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.
V-62973 Medium Riverbed Optimization System (RiOS) must enforce a 60-day maximum password lifetime restriction.
V-62971 Medium Riverbed Optimization System (RiOS) must require that when a password is changed, the characters are changed in at least 15 of the positions within the password.
V-62977 Medium Riverbed Optimization System (RiOS) must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
V-62975 Medium Riverbed Optimization System (RiOS) must prohibit password reuse for a minimum of five generations.
V-62995 Medium The application must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
V-62979 Medium Riverbed Optimization System (RiOS) performing maintenance functions must restrict use of these functions to authorized personnel only.
V-62859 Medium Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for device console access.
V-62991 Medium Riverbed Optimization System (RiOS) must protect against or limit the effects of all known types of Denial of Service (DoS) attacks on the network device management network by employing organization-defined security safeguards.
V-62897 Medium Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
V-62993 Medium Riverbed Optimization System (RiOS) must generate an alert that can be sent to security personnel when threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B occur.
V-62837 Medium Riverbed Optimization System (RiOS) must disable the local Shark and Monitor accounts so they cannot be used as shared accounts by users.
V-62959 Medium Riverbed Optimization System (RiOS) must authenticate NTP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
V-62835 Medium Riverbed Optimization System (RiOS) must terminate local shared/group account credentials, such as the Admin account is used, when members who know the account password leave the group.
V-62917 Medium Riverbed Optimization System (RiOS) must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
V-62939 Medium Riverbed Optimization System (RiOS) must generate a log event for the enforcement actions used to restrict access associated with changes to the device.
V-62951 Medium Riverbed Optimization System (RiOS) must back up the system configuration files when configuration changes are made to the device.
V-62953 Medium Riverbed Optimization System (RiOS) must implement replay-resistant authentication mechanisms for network access to privileged accounts.
V-62955 Medium Riverbed Optimization System (RiOS) must authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
V-62957 Medium Riverbed Optimization System (RiOS) must authenticate SNMP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
V-62899 Medium Riverbed Optimization System (RiOS) must generate audit records containing the full-text recording of privileged commands.
V-62949 Medium Riverbed Optimization System (RiOS) must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-62983 Medium Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
V-62789 Medium Riverbed Optimization System (RiOS) must provide automated support for account management functions.
V-62843 Low Riverbed Optimization System (RiOS) must automatically generate a log event for account disabling actions.
V-62841 Low Riverbed Optimization System (RiOS) must automatically log event for account modification.
V-62845 Low Riverbed Optimization System (RiOS) must automatically generate a log event for account removal actions.
V-62849 Low Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are modified.
V-62857 Low Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.
V-62851 Low Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are disabled.
V-62853 Low Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are removed.
V-62839 Low Riverbed Optimization System (RiOS) must automatically generate a log event for account creation events.