Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-NET-000355-ALG-000117
Group
The Sentry providing mobile device authentication intermediary services using PKI-based mobile device authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions.
Non-DoD-approved PKIs have not been evaluated to ensure they have security controls and identity vetting procedures in place that are sufficient for DoD systems to rely on the identity asserted in ...
Rule Medium Severity
SRG-NET-000362-ALG-000120
Group
SRG-NET-000364-ALG-000122
Group
The Sentry must only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.
Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth ...
Rule Medium Severity
SRG-NET-000402-ALG-000130
Group
SRG-NET-000510-ALG-000025
Group
The Sentry providing encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The network element must implement cryptographic modules adhering to the higher standa...
Rule Medium Severity
SRG-NET-000510-ALG-000040
Group
The Sentry providing encryption intermediary services must implement NIST FIPS-validated cryptography for digital signatures.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The network element must implement cryptographic modules adhering to the higher standa...
Rule Medium Severity
SRG-NET-000510-ALG-000111
Group
The Sentry providing encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The network element must implement cryptographic modules adhering to the higher standa...
Rule Medium Severity
SRG-NET-000511-ALG-000051
Group
The Sentry must offload audit records onto a centralized log server in real time.
Offloading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is compr...
Rule Low Severity