Ivanti Sentry 9.x NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-APP-000164-NDM-000252
Group
Sentry device must enforce a minimum 15-character password length.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to d...
Rule Medium Severity
SRG-APP-000166-NDM-000254
Group
Sentry must enforce password complexity by requiring that at least one uppercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...
Rule Medium Severity
SRG-APP-000167-NDM-000255
Group
SRG-APP-000395-NDM-000310
Group
SRG-APP-000168-NDM-000256
Group
Sentry must enforce password complexity by requiring that at least one numeric character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
Rule Medium Severity
SRG-APP-000169-NDM-000257
Group
Sentry must enforce password complexity by requiring that at least one special character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
Rule Medium Severity
SRG-APP-000177-NDM-000263
Group
SRG-APP-000179-NDM-000265
Group
Sentry must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
Without syslog enabled, it will be difficult for an ISSO to correlate the users' behavior and identify potential threats within the logs.
Rule High Severity
SRG-APP-000516-NDM-000351
Group
SRG-APP-000190-NDM-000267
Group
SRG-APP-000224-NDM-000270
Group
Sentry must generate unique session identifiers using a FIPS 140-2 approved random number generator.
Sequentially generated session IDs can be easily guessed by an attacker. Employing the concept of randomness in the generation of unique session identifiers helps to protect against brute-force att...
Rule Medium Severity
SRG-APP-000360-NDM-000295
Group
Sentry must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impe...
Rule Low Severity
SRG-APP-000373-NDM-000298
Group