Skip to content

Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are disabled.

    <VulnDiscussion>When application accounts are disabled, administrator accessibility is affected. Accounts are utilized for identifying indivi...
    Rule Low Severity
  • SRG-APP-000294-NDM-000278

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are removed.

    &lt;VulnDiscussion&gt;When application accounts are removed, administrator accessibility is affected. Accounts are utilized for identifying individ...
    Rule Low Severity
  • SRG-APP-000033-NDM-000212

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule Medium Severity
  • SRG-APP-000343-NDM-000289

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.

    &lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external enti...
    Rule Low Severity
  • SRG-APP-000065-NDM-000214

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for device console access.

    &lt;VulnDiscussion&gt;By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise...
    Rule Medium Severity
  • SRG-APP-000065-NDM-000214

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access.

    &lt;VulnDiscussion&gt;By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise...
    Rule Medium Severity
  • SRG-APP-000345-NDM-000290

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.

    &lt;VulnDiscussion&gt;By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise...
    Rule Medium Severity
  • SRG-APP-000068-NDM-000215

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

    &lt;VulnDiscussion&gt;Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notifi...
    Rule Medium Severity
  • SRG-APP-000001-NDM-000200

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type.

    &lt;VulnDiscussion&gt;Device management includes the ability to control the number of administrators and management sessions that manage a device. ...
    Rule Medium Severity
  • SRG-APP-000295-NDM-000279

    <GroupDescription></GroupDescription>
    Group
  • Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.

    &lt;VulnDiscussion&gt;Automatic session termination addresses the termination of administrator-initiated logical sessions in contrast to the termin...
    Rule Medium Severity
  • SRG-APP-000101-NDM-000231

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules