
V-279269

CAT II (Medium)

The Edge SWG must authenticate Network Time Protocol sources using authentication that is cryptographically based.

Rule ID

SV-279269r1170698_rule

STIG

Symantec Edge SWG NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001967, CCI-004922, CCI-004923

Discussion

If Network Time Protocol is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps inaccurate and affect scheduled actions. NTP authentication is used to prevent this tampering by authenticating the time source.

Satisfies: SRG-APP-000395-NDM-000347, SRG-APP-000920-NDM-000320, SRG-APP-000925-NDM-000330

Check Content

1. Log in to the Edge SWG SSH CLI.
2. Enter "enable" and "configure terminal".
3. Enter "show ntp". 

If NTP is not enabled, this is a finding.

If there are not two NTP servers in use, this is a finding.

If the two NTP servers are not using SHA1 preshared keys for authentication, this is a finding.

Fix Text

1. Log in to the Edge SWG SSH CLI.
2. Enter "enable" and "configure terminal".
3. Enter "ntp enable".
4. Enter "ntp server <NTP SERVER IP/HOSTNAME> <KEY ID> sha1". 
Note: The key ID must be a number and match the NTP server.
5. When prompted with "key:", enter the hexadecimal SHA preshared key.
6. Repeat these steps for the site's second NTP server.
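
How a SHA1 preshared key lets a client reject a rogue or altered time reply, as an added example that is not part of the STIG or the vendor's code. It assumes the ntpd-style symmetric-key scheme (a 4-byte key ID followed by SHA1(key || packet), appended to the 48-byte NTP header); the key ID 10, the sample packet and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

HEADER_LEN = 48  # fixed NTP header size in bytes
DIGEST_LEN = 20  # SHA-1 output size in bytes

def new_key_hex() -> str:
    """Generate a random 160-bit preshared key as 40 hex characters."""
    return secrets.token_hex(DIGEST_LEN)

def sign(packet: bytes, key_id: int, key_hex: str) -> bytes:
    """Append the MAC: 4-byte key ID, then SHA1(key || packet)."""
    digest = hashlib.sha1(bytes.fromhex(key_hex) + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(message: bytes, keyring: dict) -> bool:
    """Accept only if the key ID is configured and the digest matches."""
    if len(message) != HEADER_LEN + 4 + DIGEST_LEN:
        return False  # no MAC present, or malformed
    packet, mac = message[:HEADER_LEN], message[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key_hex = keyring.get(key_id)
    if key_hex is None:
        return False  # key ID does not match what is configured
    expected = hashlib.sha1(bytes.fromhex(key_hex) + packet).digest()
    return hmac.compare_digest(expected, mac[4:])

# Constructed sample: NTPv4 server-mode header (LI=0, VN=4, Mode=4), zeroed fields
SAMPLE_REPLY = bytes([0x24, 1, 6, 0xEC]) + bytes(44)

def demo() -> dict:
    """Run genuine, tampered, rogue-key and wrong-ID replies past the client."""
    key = new_key_hex()
    client_keys = {10: key}  # key ID 10 is a constructed value
    good = sign(SAMPLE_REPLY, 10, key)
    tampered = bytearray(good)
    tampered[40] ^= 0xFF  # flip bits in the transmit timestamp
    rogue = sign(SAMPLE_REPLY, 10, new_key_hex())  # server without the real key
    wrong_id = sign(SAMPLE_REPLY, 11, key)  # right key, mismatched key ID
    return {
        "genuine": verify(good, client_keys),
        "tampered": verify(bytes(tampered), client_keys),
        "rogue_key": verify(rogue, client_keys),
        "unknown_key_id": verify(wrong_id, client_keys),
    }

if __name__ == "__main__":
    print(demo())
```

The wrong-ID case is why the Fix Text note requires the key ID on the appliance to match the one configured on the NTP server.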