STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Palo Alto Networks NDM Security Technical Implementation Guide

V-228655

CAT II (Medium)

The Palo Alto Networks security platform must prohibit the use of unencrypted protocols for network access to privileged accounts.

Rule ID

SV-228655r961029_rule

STIG

Palo Alto Networks NDM Security Technical Implementation Guide

Version

V3R3

CCIs

CCI-000197

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Network devices can accomplish this by making direct function calls to encryption modules or by leveraging operating system encryption capabilities.

Check Content

Go to Device >> Setup >> Management
View the "Management Interface Settings" pane.
If either Telnet or HTTP is listed in the "Services" field, this is a finding.

Fix Text

Go to Device >> Setup >> Management
In the "Management Interface Settings" window, select the "Edit" icon (the gear symbol in the upper-right corner of the pane).  In the "Management Interface Settings" window, make sure that HTTP and Telnet are not checked (enabled). 
If they are not checked, select either "OK" or "Cancel".
If either one is checked, select the check box to disable it, then select "OK".
If any changes were made, commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.