Skip to content
Log In

Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000001-NDM-000200

    Group
    Show

  • SRG-APP-000295-NDM-000279

    Group
    Show

  • SRG-APP-000101-NDM-000231

    Group
    Show

  • Riverbed Optimization System (RiOS) must generate audit records containing the full-text recording of privileged commands.

    Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. Organizations consider limiting the additional audit information to only ...
    Rule Medium Severity
    Show

  • SRG-APP-000360-NDM-000295

    Group
    Show

  • Riverbed Optimization System (RiOS) must generate an email alert of all log failure events requiring alerts.

    It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impe...
    Rule Medium Severity
    Show

  • SRG-APP-000108-NDM-000232

    Group
    Show

  • SRG-APP-000374-NDM-000299

    Group
    Show

  • Riverbed Optimization System (RiOS) must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).

    If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Tim...
    Rule Medium Severity
    Show

  • SRG-APP-000118-NDM-000235

    Group
    Show

  • SRG-APP-000119-NDM-000236

    Group
    Show

  • Riverbed Optimization System (RiOS) must protect audit information from unauthorized modification.

    Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit network device activity. If audit data were to become compromised, ...
    Rule Medium Severity
    Show

  • SRG-APP-000120-NDM-000237

    Group
    Show

  • SRG-APP-000121-NDM-000238

    Group
    Show

  • Riverbed Optimization System (RiOS) must protect audit tools from unauthorized access.

    Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au...
    Rule Medium Severity
    Show

  • SRG-APP-000123-NDM-000240

    Group
    Show

  • SRG-APP-000089-NDM-000221

    Group
    Show

  • Riverbed Optimization System (RiOS) must provide audit record generation capability for DoD-defined auditable events within the network device.

    Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit re...
    Rule Medium Severity
    Show

  • SRG-APP-000090-NDM-000222

    Group
    Show

  • Riverbed Optimization System (RiOS) must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be logged.

    Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audi...
    Rule Medium Severity
    Show

  • SRG-APP-000373-NDM-000298

    Group
    Show

  • SRG-APP-000381-NDM-000305

    Group
    Show

  • Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one numeric character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000169-NDM-000257

    Group
    Show

  • SRG-APP-000516-NDM-000317

    Group
    Show

  • Riverbed Optimization System (RiOS) must enable the password authentication control policy to ensure password complexity controls and other password policy requirements are enforced.

    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000336

    Group
    Show

  • Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally manage authentication settings.

    The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrato...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000337

    Group
    Show

  • Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally apply authentication settings.

    The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrato...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000338

    Group
    Show

  • SRG-APP-000142-NDM-000245

    Group
    Show

  • SRG-APP-000516-NDM-000341

    Group
    Show

  • Riverbed Optimization System (RiOS) must back up the system configuration files when configuration changes are made to the device.

    Information system backup is a critical step in maintaining data assurance and availability. Information system and security-related documentation contains information pertaining to system configur...
    Rule Medium Severity
    Show

  • SRG-APP-000156-NDM-000250

    Group
    Show

  • Riverbed Optimization System (RiOS) must implement replay-resistant authentication mechanisms for network access to privileged accounts.

    A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be ...
    Rule Medium Severity
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • Riverbed Optimization System (RiOS) must authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

    Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the...
    Rule Medium Severity
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • Riverbed Optimization System (RiOS) must authenticate NTP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

    Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the...
    Rule Medium Severity
    Show

  • SRG-APP-000164-NDM-000252

    Group
    Show

  • Riverbed Optimization System (RiOS) must enforce a minimum 15-character password length.

    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to d...
    Rule Medium Severity
    Show

  • SRG-APP-000166-NDM-000254

    Group
    Show

  • Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one upper-case character be used.

    Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...
    Rule Medium Severity
    Show

  • SRG-APP-000167-NDM-000255

    Group
    Show

  • Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one lower-case character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000170-NDM-000329

    Group
    Show

  • Riverbed Optimization System (RiOS) must require that when a password is changed, the characters are changed in at least 15 of the positions within the password.

    If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at ...
    Rule Medium Severity
    Show

  • SRG-APP-000174-NDM-000261

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules