DISA Symantec ProxySG Benchmark ALG v1r3

Audit Details

Name: DISA Symantec ProxySG Benchmark ALG v1r3

Updated: 4/25/2022

Authority: DISA STIG

Plugin: BlueCoat

Revision: 1.7

Estimated Item Count: 101

File Details

Filename: DISA_STIG_Symantec_ProxySG_ALG_v1r3.audit

Size: 287 kB

MD5: cb6465f57bd04d10e8d04cac9fdc1a28
SHA256: 7d8e0c5d3df83a587b171f441c41f3e2123b19bc3b4b5c0c768b32c6cb7611f9

Audit Items

DescriptionCategories
SYMP-AG-000010 - If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured.

ACCESS CONTROL

SYMP-AG-000020 - Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies.

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_cipher

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_ssl_version

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipher

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_ssl_version

ACCESS CONTROL

SYMP-AG-000040 - Symantec ProxySG providing reverse proxy intermediary services for TLS must be configured to version 1.1 or higher with an approved cipher suite.

ACCESS CONTROL

SYMP-AG-000050 - Symantec ProxySG storing secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys.

ACCESS CONTROL

SYMP-AG-000060 - Symantec ProxySG must implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies.

ACCESS CONTROL

SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - SSL

ACCESS CONTROL

SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - Web Access

ACCESS CONTROL

SYMP-AG-000080 - Symantec ProxySG must enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

ACCESS CONTROL

SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - SSL

ACCESS CONTROL

SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - Web Access

ACCESS CONTROL

SYMP-AG-000100 - Symantec ProxySG providing user access control intermediary services must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the network.

ACCESS CONTROL

SYMP-AG-000110 - Symantec ProxySG providing user access control intermediary services for publicly accessible applications must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

ACCESS CONTROL

SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur - enabled

AUDIT AND ACCOUNTABILITY

SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur - policy rules

AUDIT AND ACCOUNTABILITY

SYMP-AG-000130 - Symantec ProxySG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000140 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to access web resources occur.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000150 - Symantec ProxySG must produce audit records containing information to establish what type of events occurred.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000160 - Symantec ProxySG must produce audit records containing information to establish when (date and time) the events occurred.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000170 - Symantec ProxySG must produce audit records containing information to establish where the events occurred.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000180 - Symantec ProxySG must produce audit records containing information to establish the source of the events.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000190 - Symantec ProxySG must produce audit records containing information to establish the outcome of the events.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000200 - Symantec ProxySG must generate audit records containing information to establish the identity of any individual or process associated with the event.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000210 - Symantec ProxySG must use a centralized log server.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Enabled

AUDIT AND ACCOUNTABILITY

SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - From

AUDIT AND ACCOUNTABILITY

SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Server

AUDIT AND ACCOUNTABILITY

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Forwarding Host

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Policy Rules

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Review Proxies

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000250 - Symantec ProxySG providing intermediary services for FTP must inspect outbound FTP communications traffic for protocol compliance and protocol anomalies.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Explicit

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - External

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Internal

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies - Explicit

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies - External

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies - Internal

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000280 - Symantec ProxySG must not have unnecessary services and functions enabled.

CONFIGURATION MANAGEMENT

SYMP-AG-000290 - Symantec ProxySG must be configured to remove or disable unrelated or unneeded application proxy services.

CONFIGURATION MANAGEMENT

SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Destination

CONFIGURATION MANAGEMENT

SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Source

CONFIGURATION MANAGEMENT

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - coreid

IDENTIFICATION AND AUTHENTICATION

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - iwa

IDENTIFICATION AND AUTHENTICATION

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - LDAP

IDENTIFICATION AND AUTHENTICATION

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - RADIUS

IDENTIFICATION AND AUTHENTICATION

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - siteminder

IDENTIFICATION AND AUTHENTICATION