I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000435-NDM-000315
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must enable Attack Detection.
<VulnDiscussion>DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...Rule High Severity -
SRG-APP-000148-NDM-000346
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured with only one local account that is used as the account of last resort.
<VulnDiscussion>Authentication for administrative (privileged level) access to the device is required at all times. An account can be created...Rule Medium Severity -
SRG-APP-000033-NDM-000212
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to enforce user authorization to implement least privilege.
<VulnDiscussion>To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...Rule High Severity -
SRG-APP-000033-NDM-000212
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
<VulnDiscussion>It is important that administrative access (SSH, web) to an appliance using the account of last resort be able to be restrict...Rule High Severity -
SRG-APP-000038-NDM-000213
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI).
<VulnDiscussion>A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design...Rule Medium Severity -
SRG-APP-000065-NDM-000214
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
SRG-APP-000068-NDM-000215
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
<VulnDiscussion>Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notifi...Rule Low Severity -
SRG-APP-000089-NDM-000221
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must enable event access logging.
<VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events r...Rule Medium Severity -
SRG-APP-000515-NDM-000325
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to support centralized management and configuration of the audit log.
<VulnDiscussion>Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and corre...Rule Medium Severity -
SRG-APP-000360-NDM-000295
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.
<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required....Rule Low Severity -
SRG-APP-000371-NDM-000296
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Medium Severity -
SRG-APP-000373-NDM-000298
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
<VulnDiscussion>The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run ...Rule Medium Severity -
SRG-APP-000122-NDM-000239
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...Rule Medium Severity -
SRG-APP-000121-NDM-000238
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...Rule Medium Severity -
SRG-APP-000125-NDM-000241
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.
<VulnDiscussion>Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to ...Rule Medium Severity -
SRG-APP-000516-NDM-000338
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings.
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services i...Rule Medium Severity -
SRG-APP-000516-NDM-000336
<GroupDescription></GroupDescription>Group -
Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.
<VulnDiscussion>Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control ...Rule Medium Severity -
SRG-APP-000329-NDM-000287
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions.
<VulnDiscussion>Organizations can create specific roles based on job functions and the authorizations (i.e., privileges) to perform needed op...Rule Medium Severity -
SRG-APP-000516-NDM-000337
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings.
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services i...Rule Medium Severity -
SRG-APP-000516-NDM-000340
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner.
<VulnDiscussion>System-level information includes default and customized settings and security attributes, including ACLs that relate to the ...Rule Medium Severity -
SRG-APP-000516-NDM-000344
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB p...Rule Medium Severity -
SRG-APP-000268-NDM-000274
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component.
<VulnDiscussion>Predictable failure prevention requires organizational planning to address device failure issues. If components key to mainta...Rule Medium Severity -
SRG-APP-000142-NDM-000245
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must use only approved management services protocols.
<VulnDiscussion>In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e....Rule High Severity -
SRG-APP-000156-NDM-000250
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts.
<VulnDiscussion>A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authen...Rule Medium Severity -
SRG-APP-000395-NDM-000310
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used.
<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. B...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.