Detections
Analytics

DISA Fortigate Firewall NDM STIG v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Fortigate Firewall NDM STIG v1r1

Updated: 3/3/2023

Authority: Network Devices

Plugin: FortiGate

Revision: 1.3

Estimated Item Count: 79

Audit Items

DescriptionCategories
FGFW-ND-000005 - The FortiGate device must automatically audit account creation. - event
FGFW-ND-000005 - The FortiGate device must automatically audit account creation. - system
FGFW-ND-000010 - The FortiGate device must automatically audit account modification. - event
FGFW-ND-000010 - The FortiGate device must automatically audit account modification. - system
FGFW-ND-000010 - The FortiGate device must automatically audit account modification. - user
FGFW-ND-000020 - The FortiGate device must automatically audit account removal actions. - event
FGFW-ND-000020 - The FortiGate device must automatically audit account removal actions. - system
FGFW-ND-000030 - The FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable.
FGFW-ND-000035 - The FortiGate device must allow full access to only those individuals or roles designated by the ISSM.
FGFW-ND-000040 - The FortiGate device must audit the execution of privileged functions. - event
FGFW-ND-000040 - The FortiGate device must audit the execution of privileged functions. - system
FGFW-ND-000045 - The FortiGate device must enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. - admin-lockout-duration
FGFW-ND-000045 - The FortiGate device must enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. - admin-lockout-threshold
FGFW-ND-000050 - The FortiGate device must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
FGFW-ND-000055 - The FortiGate device must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access.
FGFW-ND-000060 - The FortiGate device must log all user activity.
FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. - event
FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. - system
FGFW-ND-000070 - The FortiGate device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. - event
FGFW-ND-000070 - The FortiGate device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. - system
FGFW-ND-000075 - The FortiGate device must generate audit records when successful/unsuccessful logon attempts occur. - event
FGFW-ND-000075 - The FortiGate device must generate audit records when successful/unsuccessful logon attempts occur. - system
FGFW-ND-000080 - The FortiGate device must generate audit records for privileged activities or other system-level access. - event
FGFW-ND-000080 - The FortiGate device must generate audit records for privileged activities or other system-level access. - system
FGFW-ND-000085 - The FortiGate device must generate audit records showing starting and ending time for administrator access to the system. - event
FGFW-ND-000085 - The FortiGate device must generate audit records showing starting and ending time for administrator access to the system. - system
FGFW-ND-000090 - The FortiGate device must generate audit records when concurrent logons from different workstations occur. - event
FGFW-ND-000090 - The FortiGate device must generate audit records when concurrent logons from different workstations occur. - system
FGFW-ND-000095 - The FortiGate device must generate audit records containing information that establishes the identity of any individual or process associated with the event.
FGFW-ND-000100 - The FortiGate device must generate audit records containing the full-text recording of privileged commands.
FGFW-ND-000105 - The FortiGate device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. - diskfull overwrite
FGFW-ND-000105 - The FortiGate device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. - max-log-file-size
FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited.
FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
FGFW-ND-000120 - The FortiGate device must synchronize internal information system clocks using redundant authoritative time sources. - ntp server 1
FGFW-ND-000120 - The FortiGate device must synchronize internal information system clocks using redundant authoritative time sources. - ntp server 2
FGFW-ND-000125 - The FortiGate device must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
FGFW-ND-000130 - The FortiGate device must protect audit information from unauthorized deletion.
FGFW-ND-000135 - The FortiGate device must protect audit tools from unauthorized access.
FGFW-ND-000140 - The FortiGate device must protect audit tools from unauthorized modification.
FGFW-ND-000145 - The FortiGate device must prohibit installation of software without explicit privileged status.
FGFW-ND-000150 - The FortiGate device must enforce access restrictions associated with changes to device configuration.
FGFW-ND-000155 - The FortiGate device must limit privileges to change the software resident within software libraries.
FGFW-ND-000160 - The FortiGate device must enforce access restrictions associated with changes to the system components.
FGFW-ND-000165 - The FortiGate device must use LDAP for authentication.
FGFW-ND-000170 - The FortiGate device must be running an operating system release that is currently supported by the vendor.
FGFW-ND-000175 - The FortiGate device must generate log records for a locally developed list of auditable events. - eventfilter
FGFW-ND-000175 - The FortiGate device must generate log records for a locally developed list of auditable events. - log setting
FGFW-ND-000180 - The FortiGate device must conduct backups of system-level information contained in the information system when changes occur.
FGFW-ND-000185 - The FortiGate device must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.