DISA Fortigate Firewall NDM STIG v1r1

Audit Details

Name: DISA Fortigate Firewall NDM STIG v1r1

Updated: 7/27/2022

Authority: DISA STIG

Plugin: FortiGate

Revision: 1.0

Estimated Item Count: 79

File Details

Filename: DISA_STIG_Fortigate_Firewall_NDM_v1r1.audit

Size: 177 kB

MD5: 910380a9465e6dfa36bfe3cacb8928f1
SHA256: b4e5991110ba42c088601df55921a50be5682d40f574c988205a28acb4ccd290

Audit Items

DescriptionCategories
FGFW-ND-000005 - The FortiGate device must automatically audit account creation. - event

ACCESS CONTROL

FGFW-ND-000005 - The FortiGate device must automatically audit account creation. - system

ACCESS CONTROL

FGFW-ND-000010 - The FortiGate device must automatically audit account modification. - event

ACCESS CONTROL

FGFW-ND-000010 - The FortiGate device must automatically audit account modification. - system

ACCESS CONTROL

FGFW-ND-000010 - The FortiGate device must automatically audit account modification. - user

ACCESS CONTROL

FGFW-ND-000020 - The FortiGate device must automatically audit account removal actions. - event

ACCESS CONTROL

FGFW-ND-000020 - The FortiGate device must automatically audit account removal actions. - system

ACCESS CONTROL

FGFW-ND-000030 - The FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable.

ACCESS CONTROL

FGFW-ND-000035 - The FortiGate device must allow full access to only those individuals or roles designated by the ISSM.

ACCESS CONTROL

FGFW-ND-000040 - The FortiGate device must audit the execution of privileged functions. - event

ACCESS CONTROL

FGFW-ND-000040 - The FortiGate device must audit the execution of privileged functions. - system

ACCESS CONTROL

FGFW-ND-000045 - The FortiGate device must enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. - admin-lockout-duration

ACCESS CONTROL

FGFW-ND-000045 - The FortiGate device must enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. - admin-lockout-threshold

ACCESS CONTROL

FGFW-ND-000050 - The FortiGate device must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

ACCESS CONTROL

FGFW-ND-000055 - The FortiGate device must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access.

ACCESS CONTROL

FGFW-ND-000060 - The FortiGate device must log all user activity.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. - event

AUDIT AND ACCOUNTABILITY

FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. - system

AUDIT AND ACCOUNTABILITY

FGFW-ND-000070 - The FortiGate device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. - event

AUDIT AND ACCOUNTABILITY

FGFW-ND-000070 - The FortiGate device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. - system

AUDIT AND ACCOUNTABILITY

FGFW-ND-000075 - The FortiGate device must generate audit records when successful/unsuccessful logon attempts occur. - event

AUDIT AND ACCOUNTABILITY

FGFW-ND-000075 - The FortiGate device must generate audit records when successful/unsuccessful logon attempts occur. - system

AUDIT AND ACCOUNTABILITY

FGFW-ND-000080 - The FortiGate device must generate audit records for privileged activities or other system-level access. - event

AUDIT AND ACCOUNTABILITY

FGFW-ND-000080 - The FortiGate device must generate audit records for privileged activities or other system-level access. - system

AUDIT AND ACCOUNTABILITY

FGFW-ND-000085 - The FortiGate device must generate audit records showing starting and ending time for administrator access to the system. - event

AUDIT AND ACCOUNTABILITY

FGFW-ND-000085 - The FortiGate device must generate audit records showing starting and ending time for administrator access to the system. - system

AUDIT AND ACCOUNTABILITY

FGFW-ND-000090 - The FortiGate device must generate audit records when concurrent logons from different workstations occur. - event

AUDIT AND ACCOUNTABILITY

FGFW-ND-000090 - The FortiGate device must generate audit records when concurrent logons from different workstations occur. - system

AUDIT AND ACCOUNTABILITY

FGFW-ND-000095 - The FortiGate device must generate audit records containing information that establishes the identity of any individual or process associated with the event.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000100 - The FortiGate device must generate audit records containing the full-text recording of privileged commands.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000105 - The FortiGate device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. - diskfull overwrite

AUDIT AND ACCOUNTABILITY

FGFW-ND-000105 - The FortiGate device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. - max-log-file-size

AUDIT AND ACCOUNTABILITY

FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000120 - The FortiGate device must synchronize internal information system clocks using redundant authoritative time sources. - ntp server 1

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

FGFW-ND-000120 - The FortiGate device must synchronize internal information system clocks using redundant authoritative time sources. - ntp server 2

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

FGFW-ND-000125 - The FortiGate device must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

AUDIT AND ACCOUNTABILITY

FGFW-ND-000130 - The FortiGate device must protect audit information from unauthorized deletion.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000135 - The FortiGate device must protect audit tools from unauthorized access.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000140 - The FortiGate device must protect audit tools from unauthorized modification.

AUDIT AND ACCOUNTABILITY

FGFW-ND-000145 - The FortiGate device must prohibit installation of software without explicit privileged status.

CONFIGURATION MANAGEMENT

FGFW-ND-000150 - The FortiGate device must enforce access restrictions associated with changes to device configuration.

CONFIGURATION MANAGEMENT

FGFW-ND-000155 - The FortiGate device must limit privileges to change the software resident within software libraries.

CONFIGURATION MANAGEMENT

FGFW-ND-000160 - The FortiGate device must enforce access restrictions associated with changes to the system components.

CONFIGURATION MANAGEMENT

FGFW-ND-000165 - The FortiGate device must use LDAP for authentication.

CONFIGURATION MANAGEMENT

FGFW-ND-000170 - The FortiGate device must be running an operating system release that is currently supported by the vendor.

CONFIGURATION MANAGEMENT

FGFW-ND-000175 - The FortiGate device must generate log records for a locally developed list of auditable events. - eventfilter

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

FGFW-ND-000175 - The FortiGate device must generate log records for a locally developed list of auditable events. - log setting

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

FGFW-ND-000180 - The FortiGate device must conduct backups of system-level information contained in the information system when changes occur.

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING

FGFW-ND-000185 - The FortiGate device must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING