SYMP-NM-000010 - Symantec ProxySG must be configured with only one local account that is used as the account of last resort.

800-53|AC-2(7)(a)

800-53|AC-2a.

CAT|II

CCI|CCI-001358

CCI|CCI-002111

Rule-ID|SV-104483r1_rule

STIG-ID|SYMP-NM-000010

Vuln-ID|V-94653

SYMP-NM-000020 - Symantec ProxySG must be configured to enforce user authorization to implement least privilege.

800-53|AC-3

CAT|I

CCI|CCI-000213

Rule-ID|SV-104485r1_rule

STIG-ID|SYMP-NM-000020

Vuln-ID|V-94655

SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.

Rule-ID|SV-104487r1_rule

STIG-ID|SYMP-NM-000030

Vuln-ID|V-94657

SYMP-NM-000040 - Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI).

800-53|AC-4

CCI|CCI-001368

Rule-ID|SV-104489r1_rule

STIG-ID|SYMP-NM-000040

Vuln-ID|V-94659

SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - Lockout duration

800-53|AC-7a.

CCI|CCI-000044

Rule-ID|SV-104491r1_rule

STIG-ID|SYMP-NM-000050

Vuln-ID|V-94661

SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - max-failed-attempts

SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - Reset interval

SYMP-NM-000060 - Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

800-53|AC-8a.

CAT|III

CCI|CCI-000048

Rule-ID|SV-104493r1_rule

STIG-ID|SYMP-NM-000060

Vuln-ID|V-94663

SYMP-NM-000070 - Symantec ProxySG must enable event access logging.

800-53|AU-12a.

CCI|CCI-000169

Rule-ID|SV-104495r1_rule

STIG-ID|SYMP-NM-000070

Vuln-ID|V-94665

SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable

800-53|AU-4(1)

CCI|CCI-001851

Rule-ID|SV-104497r1_rule

STIG-ID|SYMP-NM-000080

Vuln-ID|V-94667

SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP

SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent - email addresses

800-53|AU-5(2)

CCI|CCI-001858

Rule-ID|SV-104499r1_rule

STIG-ID|SYMP-NM-000090

Vuln-ID|V-94669

SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.

SYMP-NM-000100 - Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server - Interval

800-53|AU-8(1)(a)

CCI|CCI-001891

Rule-ID|SV-104501r1_rule

STIG-ID|SYMP-NM-000100

Vuln-ID|V-94671

SYMP-NM-000100 - Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server - NTP Server

SYMP-NM-000110 - Symantec ProxySG must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.

800-53|AU-8(2)

800-53|CM-6b.

CCI|CCI-000366

CCI|CCI-001893

Rule-ID|SV-104503r1_rule

STIG-ID|SYMP-NM-000110

Vuln-ID|V-94673

SYMP-NM-000120 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification.

800-53|AU-9

CCI|CCI-001494

Rule-ID|SV-104505r1_rule

STIG-ID|SYMP-NM-000120

Vuln-ID|V-94675

SYMP-NM-000130 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.

CCI|CCI-001493

Rule-ID|SV-104507r1_rule

STIG-ID|SYMP-NM-000130

Vuln-ID|V-94677

SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog Enabled

800-53|AU-9(2)

CCI|CCI-001348

Rule-ID|SV-104509r1_rule

STIG-ID|SYMP-NM-000140

Vuln-ID|V-94679

SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog IP

SYMP-NM-000150 - Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings - Policy Review

800-53|CM-6(1)

CCI|CCI-000372

Rule-ID|SV-104511r1_rule

STIG-ID|SYMP-NM-000150

Vuln-ID|V-94681

SYMP-NM-000150 - Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings.

SYMP-NM-000160 - Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.

CCI|CCI-000370

Rule-ID|SV-104513r1_rule

STIG-ID|SYMP-NM-000160

Vuln-ID|V-94683

SYMP-NM-000170 - Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions.

800-53|AC-3(7)

CCI|CCI-002169

Rule-ID|SV-104515r1_rule

STIG-ID|SYMP-NM-000170

Vuln-ID|V-94685

SYMP-NM-000180 - Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings - Policy Review

CCI|CCI-000371

Rule-ID|SV-104517r1_rule

STIG-ID|SYMP-NM-000180

Vuln-ID|V-94687

SYMP-NM-000180 - Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings.

SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Path

800-53|CP-9b.

CCI|CCI-000537

Rule-ID|SV-104519r1_rule

STIG-ID|SYMP-NM-000190

Vuln-ID|V-94689

SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Username

SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner.

SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

800-53|SC-17

CCI|CCI-001159

Rule-ID|SV-104521r1_rule

STIG-ID|SYMP-NM-000200

Vuln-ID|V-94691

SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. - attribute keyring

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Cloud Services

800-53|SI-13(4)(b)

CCI|CCI-001328

Rule-ID|SV-104523r1_rule

STIG-ID|SYMP-NM-000210

Vuln-ID|V-94693

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - CPU Utilization

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - ICAP Deferred

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - ICAP queued

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Memory Utilization

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 0:0 Utilization

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 1:0 Utilization

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 2:0 Utilization

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 2:1 Utilization

SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Thresholds

SYMP-NM-000220 - Symantec ProxySG must use only approved management services protocols.

800-53|CM-7b.

CCI|CCI-000382

Rule-ID|SV-104525r1_rule

STIG-ID|SYMP-NM-000220

Vuln-ID|V-94695

SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTP-Console

800-53|IA-2(8)

CCI|CCI-001941

Rule-ID|SV-104527r1_rule

STIG-ID|SYMP-NM-000230

Vuln-ID|V-94697

SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTPS-Console

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used.

800-53|IA-3(1)

CCI|CCI-001967

Rule-ID|SV-104529r1_rule

STIG-ID|SYMP-NM-000240

Vuln-ID|V-94699

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv1

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv2c

SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv3

SYMP-NM-000250 - Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts.

800-53|IA-5(1)(a)

CCI|CCI-000205

Rule-ID|SV-104531r1_rule

STIG-ID|SYMP-NM-000250

Vuln-ID|V-94701

SYMP-NM-000260 - Symantec ProxySG must transmit only encrypted representations of passwords - HTTP-Console Disabled

800-53|IA-5(1)(c)

CCI|CCI-000197

Rule-ID|SV-104533r1_rule

STIG-ID|SYMP-NM-000260

Vuln-ID|V-94703

SYMP-NM-000260 - Symantec ProxySG must transmit only encrypted representations of passwords.

SYMP-NM-000270 - Symantec ProxySG must not have a default manufacturer passwords when deployed.

800-53|IA-5(1)(f)

CCI|CCI-002041

Rule-ID|SV-104535r1_rule

STIG-ID|SYMP-NM-000270

Vuln-ID|V-94705

SYMP-NM-000280 - Symantec ProxySG must be configured to use only FIPS 140-2 approved algorithms for authentication to a cryptographic module with any application or protocol.

800-53|IA-7

CCI|CCI-000803

Rule-ID|SV-104537r1_rule

STIG-ID|SYMP-NM-000280

Vuln-ID|V-94707

SYMP-NM-000290 - The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

Detections

Analytics

DISA Symantec ProxySG Benchmark NDM v1r2

Audit Details

File Details

Audit Changelog

Revision 1.9

Miscellaneous

Revision 1.8

Miscellaneous

Revision 1.7

Miscellaneous

Revision 1.6

Functional Update

Revision 1.5

Functional Update

Informational Update

Miscellaneous

Revision 1.4

Miscellaneous

Revision 1.3

Miscellaneous

Revision 1.2

Miscellaneous

Revision 1.1

Miscellaneous

Detections

Analytics

DISA Symantec ProxySG Benchmark NDM v1r2 Download File

Audit Details

File Details

Audit Changelog

Miscellaneous

Miscellaneous

Miscellaneous

Functional Update

Functional Update

Informational Update

Miscellaneous

Miscellaneous

Miscellaneous

Miscellaneous

Miscellaneous

DISA Symantec ProxySG Benchmark NDM v1r2