STIGhub

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-268324

CAT I (High)

The ICS must be configured to protect against known types of denial-of-service (DoS) attacks by enabling JITC mode.

Rule ID

SV-268324r1136874_rule

STIG

Ivanti Connect Secure NDM Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002385

Discussion

This configuration protects the confidentiality of Web UI sessions and guards against DoS attacks. If JITC mode is enabled, the following protections are enforced:

- Log support for detection and prevention of SMURF/SYN Flood/SSL Replay Attack.
- Disable ICMPv6 echo response for multicast echo request.
- Disable ICMPv6 destination unreachable response.
- Password Strengthening.
- Notification for unsuccessful admin login attempts.
- Reauthentication of admin users.
- Notification on admin status change.
- Disable Roaming Sessions.
- Disable Split Tunneling.
- IP Lockout restrictions.
- Disable Allowing Saving Login Information.
- Disable Persistent Sessions.
- Remove Browser Session Cookie.
- Enable Server Certificate Trust Enforcement.

When JITC and FIPS modes are enabled, audit logging for DoS attacks such as flooding and replay attacks is enabled inherently. JITC and FIPS mode are required for ICS use in DOD. When the NDcPP option is enabled, only NDcPP approved crypto algorithms are allowed.

Check Content

In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
1. Verify "Turn on JITC mode" checkbox is enabled (checked).
2. Verify "Turn on NDcPP mode" checkbox is enabled (checked).

If JITC mode is not enabled, this is a finding.

Fix Text

In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
1. Under "DOD Certification Option", check (enabled) "Turn on JITC mode" to enable the JITC mode security features.
2. Once "Turn on JITC mode" is checked, "Turn on NDcPP mode" and "Turn on FIPS mode" are also checked automatically.
3. Click "Save changes" and confirm after the web UI asks for SSL cipher configuration changes.