Skip to content
Log In

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-NET-000053

    Group
    Show

  • The Juniper SRX Services Gateway VPN must limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or set to an organization-defined number.

    Network element management includes the ability to control the number of users and user sessions that utilize a network element. Limiting the number of allowed users and sessions per user is helpfu...
    Rule Medium Severity
    Show

  • SRG-NET-000517

    Group
    Show

  • The Juniper SRX Services Gateway VPN must renegotiate the IPsec security association after 8 hours or less.

    The IPsec SA and its corresponding key will expire either after the number of seconds or amount of traffic volume has exceeded the configured limit. A new SA is negotiated before the lifetime thres...
    Rule Medium Severity
    Show

  • SRG-NET-000517

    Group
    Show

  • The Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less.

    When a VPN gateway creates an IPsec Security Association (SA), resources must be allocated to maintain the SA. These resources are wasted during periods of IPsec endpoint inactivity, which could re...
    Rule Medium Severity
    Show

  • SRG-NET-000061

    Group
    Show

  • The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements.

    Remote access devices, such as those providing remote access to network devices and information systems, which lack automated, capabilities increase risk and makes remote user access management dif...
    Rule Medium Severity
    Show

  • SRG-NET-000062

    Group
    Show

  • The Juniper SRX Services Gateway VPN must use AES256 for the IPsec proposal to protect the confidentiality of remote access sessions.

    Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. The Advance Encryption Standard (AES) encryption is cri...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules