Juniper Router NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Juniper router must be configured to automatically audit account modification.
Since the accounts in the network device are privileged or system-level accounts, account management is vital to the security of the network device. Account management by a designated authority ens...Rule Medium Severity -
The Juniper router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.
A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If management information flow is not enforced based on approved autho...Rule Medium Severity -
The Juniper router must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executi...Rule Medium Severity -
The Juniper router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation.
This requirement supports non-repudiation of actions taken by an administrator and is required in order to maintain the integrity of the configuration management process. All configuration changes ...Rule Medium Severity -
The Juniper router must be configured to protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit network device activity. If audit data were to become compromised, ...Rule Medium Severity -
The Juniper router must be configured to prohibit the use of all unnecessary and nonsecure functions and services.
Network devices are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational op...Rule High Severity -
The Juniper router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
Authentication for administrative (privileged level) access to the device is required at all times. An account can be created on the device's local database for use when the authentication server i...Rule Medium Severity -
The Juniper router must be configured to enforce a minimum 15-character password length.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to d...Rule Medium Severity -
The Juniper router must be configured to enforce password complexity by requiring that at least one uppercase character be used.
Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...Rule Medium Severity -
The Juniper router must be configured to enforce password complexity by requiring that at least one lowercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.