STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

DBN-6300 IDPS Security Technical Implementation Guide

Version

V1R2

Release Date

Jun 10, 2024

SCAP Benchmark ID

DB_Networks_DBN_6300_IDPS_STIG

Total Checks

17

Tags

other
CAT I: 1CAT II: 16CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (17)

V-237556MEDIUMIn the event of a logging failure, caused by loss of communications with the central logging server, the DBN-6300 must queue audit records locally until communication is restored or until the audit records are retrieved manually or using automated synchronization tools.V-237557MEDIUMIn the event of a logging failure caused by the lack of log record storage capacity, the DBN-6300 must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.V-237558MEDIUMThe DBN-6300 must generate log events for detection events based on anomaly analysis.V-237559MEDIUMThe DBN-6300 must install system updates when new releases are available in accordance with organizational configuration management policy and procedures.V-237560MEDIUMTo help detect unauthorized data mining, the DBN-6300 must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.V-237561MEDIUMTo protect against unauthorized data mining, the DBN-6300 must monitor for and detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.V-237562MEDIUMTo protect against unauthorized data mining, the DBN-6300 must detect SQL code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.V-237563MEDIUMTo protect against unauthorized data mining, the DBN-6300 must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code/input fields.V-237564MEDIUMTo protect against unauthorized data mining, the DBN-6300 must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.V-237565MEDIUMThe DBN-6300 must support centralized management and configuration of the content captured in audit records generated by all DBN-6300 components.V-237566MEDIUMThe DBN-6300 must off-load log records to a centralized log server.V-237567MEDIUMThe DBN-6300 must integrate with a network-wide monitoring capability.V-237568MEDIUMThe DBN-6300 must continuously monitor inbound communications traffic between the application tier and the database tier for unusual/unauthorized activities or conditions at the SQL level.V-237569MEDIUMThe DBN-6300 must off-load log records to a centralized log server in real time.V-237570MEDIUMWhen implemented for protection of the database tier, the DBN-6300 must be logically connected for maximum database traffic visibility.V-237571MEDIUMWhen implemented for discovery protection against unidentified or rogue databases, the DBN-6300 must provide a catalog of all visible databases and database services.V-264430HIGHThe DBN-6300 IDPS must be using a version supported by the vendor.