UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Symantec ProxySG NDM Security Technical Implementation Guide


Overview

Date Finding Count (32)
2019-12-20 CAT I (High): 9 CAT II (Med): 21 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-94713 High Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-94711 High The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.
V-94657 High Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
V-94655 High Symantec ProxySG must be configured to enforce user authorization to implement least privilege.
V-94695 High Symantec ProxySG must use only approved management services protocols.
V-94413 High Symantec ProxySG must enable Attack Detection.
V-94703 High Symantec ProxySG must transmit only encrypted representations of passwords.
V-94707 High Symantec ProxySG must be configured to use only FIPS 140-2 approved algorithms for authentication to a cryptographic module with any application or protocol.
V-94709 High The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
V-94681 Medium Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings.
V-94683 Medium Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.
V-94685 Medium Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions.
V-94687 Medium Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings.
V-94689 Medium Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner.
V-94671 Medium Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server.
V-94659 Medium Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI).
V-94675 Medium Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification.
V-94677 Medium Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.
V-94653 Medium Symantec ProxySG must be configured with only one local account that is used as the account of last resort.
V-94699 Medium Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used.
V-94697 Medium Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts.
V-94693 Medium Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component.
V-94691 Medium Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
V-94673 Medium Symantec ProxySG must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
V-94701 Medium Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts.
V-94661 Medium Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
V-94667 Medium Symantec ProxySG must be configured to support centralized management and configuration of the audit log.
V-94705 Medium Symantec ProxySG must not have a default manufacturer passwords when deployed.
V-94665 Medium Symantec ProxySG must enable event access logging.
V-94679 Medium Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.
V-94663 Low Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
V-94669 Low Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.