DISA Symantec ProxySG Benchmark NDM v1r2

Audit Details

Name: DISA Symantec ProxySG Benchmark NDM v1r2

Updated: 4/25/2022

Authority: DISA STIG

Plugin: BlueCoat

Revision: 1.7

Estimated Item Count: 58

File Details

Filename: DISA_STIG_Symantec_ProxySG_NDM_v1r2.audit

Size: 141 kB

MD5: e1543fe75fada3f07b84380fa84843f8
SHA256: 45004b6c79888d3b717d027e32a27ecf1513692410d2618caed005103cad9b7d

Audit Items

DescriptionCategories
SYMP-NM-000010 - Symantec ProxySG must be configured with only one local account that is used as the account of last resort.

ACCESS CONTROL

SYMP-NM-000020 - Symantec ProxySG must be configured to enforce user authorization to implement least privilege.

ACCESS CONTROL

SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.

ACCESS CONTROL

SYMP-NM-000040 - Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI).

ACCESS CONTROL

SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - Lockout duration

ACCESS CONTROL

SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - max-failed-attempts

ACCESS CONTROL

SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - Reset interval

ACCESS CONTROL

SYMP-NM-000060 - Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

ACCESS CONTROL

SYMP-NM-000070 - Symantec ProxySG must enable event access logging.

AUDIT AND ACCOUNTABILITY

SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable

AUDIT AND ACCOUNTABILITY

SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP

AUDIT AND ACCOUNTABILITY

SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent - email addresses

AUDIT AND ACCOUNTABILITY

SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.

AUDIT AND ACCOUNTABILITY

SYMP-NM-000100 - Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server - Interval

AUDIT AND ACCOUNTABILITY

SYMP-NM-000100 - Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server - NTP Server

AUDIT AND ACCOUNTABILITY

SYMP-NM-000110 - Symantec ProxySG must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

SYMP-NM-000120 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification.

AUDIT AND ACCOUNTABILITY

SYMP-NM-000130 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.

AUDIT AND ACCOUNTABILITY

SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog Enabled

AUDIT AND ACCOUNTABILITY

SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog IP

AUDIT AND ACCOUNTABILITY

SYMP-NM-000150 - Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings - Policy Review

CONFIGURATION MANAGEMENT

SYMP-NM-000150 - Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings.

CONFIGURATION MANAGEMENT

SYMP-NM-000160 - Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.

CONFIGURATION MANAGEMENT

SYMP-NM-000170 - Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SYMP-NM-000180 - Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings - Policy Review

CONFIGURATION MANAGEMENT

SYMP-NM-000180 - Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings.

CONFIGURATION MANAGEMENT

SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Path

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING

SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Username

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING

SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner.

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING

SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. - attribute keyring

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Cloud Services

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - CPU Utilization

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - ICAP Deferred

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - ICAP queued

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Memory Utilization

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 0:0 Utilization

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 1:0 Utilization

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 2:0 Utilization

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 2:1 Utilization

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Thresholds

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

SYMP-NM-000220 - Symantec ProxySG must use only approved management services protocols.

CONFIGURATION MANAGEMENT

SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTP-Console

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTPS-Console

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used.

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv1

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv2c

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv3

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000250 - Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts.

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000260 - Symantec ProxySG must transmit only encrypted representations of passwords - HTTP-Console Disabled

IDENTIFICATION AND AUTHENTICATION