Skip to content

Symantec ProxySG NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Symantec ProxySG must transmit only encrypted representations of passwords.

    <VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are...
    Rule High Severity
  • SRG-APP-000080-NDM-000345

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must enable Attack Detection.

    &lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...
    Rule High Severity
  • SRG-APP-000148-NDM-000346

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings.

    &lt;VulnDiscussion&gt;The use of authentication servers or other centralized management servers for providing centralized authentication services i...
    Rule Medium Severity
  • SRG-APP-000068-NDM-000215

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

    &lt;VulnDiscussion&gt;Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notifi...
    Rule Low Severity
  • SRG-APP-000089-NDM-000221

    <GroupDescription></GroupDescription>
    Group
  • SRG-APP-000516-NDM-000336

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must enable event access logging.

    &lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events r...
    Rule Medium Severity
  • SRG-APP-000515-NDM-000325

    <GroupDescription></GroupDescription>
    Group
  • Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.

    &lt;VulnDiscussion&gt;Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control ...
    Rule Medium Severity
  • SRG-APP-000329-NDM-000287

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification.

    &lt;VulnDiscussion&gt;Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...
    Rule Medium Severity
  • SRG-APP-000121-NDM-000238

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.

    &lt;VulnDiscussion&gt;Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...
    Rule Medium Severity
  • SRG-APP-000125-NDM-000241

    <GroupDescription></GroupDescription>
    Group
  • Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.

    &lt;VulnDiscussion&gt;Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to ...
    Rule Medium Severity
  • SRG-APP-000435-NDM-000315

    <GroupDescription></GroupDescription>
    Group
  • SRG-APP-000516-NDM-000338

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules