
STIGhub


DBN-6300 NDM Security Technical Implementation Guide

Version: V1R2
Release Date: Jun 17, 2024
SCAP Benchmark ID: DB_Networks_DBN_6300_NDM_STIG
Total Checks: 59
Tags: other
Severity breakdown: CAT I: 5, CAT II: 42, CAT III: 12

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Checks (59)

  • V-255529 (HIGH): The DBN-6300 must provide automated support for account management functions.
  • V-255530 (MEDIUM): The DBN-6300 must automatically audit account creation.
  • V-255531 (MEDIUM): The DBN-6300 must automatically audit account modification.
  • V-255532 (MEDIUM): The DBN-6300 must automatically audit account removal actions.
  • V-255533 (MEDIUM): The DBN-6300 must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
  • V-255534 (LOW): The DBN-6300 must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.
  • V-255535 (MEDIUM): The DBN-6300 must provide audit record generation capability for DoD-defined auditable events within the DBN-6300.
  • V-255536 (LOW): The DBN-6300 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the audit log.
  • V-255537 (MEDIUM): The DBN-6300 must generate log records when successful attempts to access privileges occur.
  • V-255538 (LOW): The DBN-6300 must initiate session auditing upon startup.
  • V-255539 (LOW): The DBN-6300 must produce audit log records containing sufficient information to establish what type of event occurred.
  • V-255540 (LOW): The DBN-6300 must produce audit records containing information to establish when (date and time) the events occurred.
  • V-255541 (LOW): The DBN-6300 must produce audit records containing information to establish where the events occurred.
  • V-255542 (LOW): The DBN-6300 must produce audit log records containing information to establish the source of events.
  • V-255543 (LOW): The DBN-6300 must produce audit records that contain information to establish the outcome of the event.
  • V-255544 (LOW): The DBN-6300 must generate audit records containing information that establishes the identity of any individual or process associated with the event.
  • V-255545 (LOW): The DBN-6300 must generate audit records containing the full-text recording of privileged commands.
  • V-255546 (MEDIUM): The DBN-6300 must use internal system clocks to generate time stamps for audit records.
  • V-255547 (LOW): The DBN-6300 must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
  • V-255548 (HIGH): The DBN-6300 must uniquely identify and authenticate organizational administrators (or processes acting on behalf of organizational administrators).
  • V-255549 (MEDIUM): The DBN-6300 must use multifactor authentication for network access (remote and nonlocal) to privileged accounts.
  • V-255550 (MEDIUM): The DBN-6300 must use multifactor authentication for local access to privileged accounts.
  • V-255551 (MEDIUM): The DBN-6300 must implement replay-resistant authentication mechanisms for network access to privileged accounts.
  • V-255552 (MEDIUM): The DBN-6300 must enforce a minimum 15-character password length.
  • V-255553 (MEDIUM): The DBN-6300 must prohibit password reuse for a minimum of five generations.
  • V-255554 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one upper-case character be used.
  • V-255555 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one lower-case character be used.
  • V-255556 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one numeric character be used.
  • V-255557 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one special character be used.
  • V-255558 (MEDIUM): The DBN-6300 must enforce 24 hours/1 day as the minimum password lifetime.
  • V-255559 (MEDIUM): The DBN-6300 must enforce a 60-day maximum password lifetime restriction.
  • V-255560 (HIGH): The DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
  • V-255561 (MEDIUM): The DBN-6300 must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
  • V-255562 (MEDIUM): The DBN-6300 must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.
  • V-255563 (MEDIUM): The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
  • V-255564 (MEDIUM): The DBN-6300 must automatically audit account enabling actions.
  • V-255565 (MEDIUM): The DBN-6300 must be compliant with at least one IETF Internet standard authentication protocol.
  • V-255566 (MEDIUM): The DBN-6300 must audit the execution of privileged functions.
  • V-255567 (LOW): The DBN-6300 must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near real time.
  • V-255568 (MEDIUM): The DBN-6300 must compare internal information system clocks at least every 24 hours with an authoritative time server.
  • V-255569 (MEDIUM): The DBN-6300 must synchronize its internal system clock to the NTP server when the time difference is greater than one second.
  • V-255570 (MEDIUM): The DBN-6300 must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).
  • V-255571 (MEDIUM): The DBN-6300 must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
  • V-255572 (MEDIUM): The DBN-6300 must audit the enforcement actions used to restrict access associated with changes to the device.
  • V-255573 (MEDIUM): Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
  • V-255574 (MEDIUM): Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
  • V-255575 (MEDIUM): The DBN-6300 must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.
  • V-255576 (MEDIUM): The DBN-6300 must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.
  • V-255577 (MEDIUM): The DBN-6300 must generate audit records when successful/unsuccessful logon attempts occur.
  • V-255578 (MEDIUM): The DBN-6300 must generate audit records for privileged activities or other system-level access.
  • V-255579 (MEDIUM): The DBN-6300 must generate audit records showing starting and ending time for administrator access to the system.
  • V-255580 (MEDIUM): The DBN-6300 must generate audit records when concurrent logons from different workstations occur.
  • V-255581 (MEDIUM): The DBN-6300 must generate audit records for all account creation, modification, disabling, and termination events.
  • V-255582 (MEDIUM): The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
  • V-255583 (MEDIUM): The DBN-6300 must generate audit log events for a locally developed list of auditable events.
  • V-255584 (MEDIUM): Accounts for device management must be configured on the authentication server and not the network device itself, except for the account of last resort.
  • V-255585 (MEDIUM): The DBN-6300 must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
  • V-255586 (HIGH): The DBN-6300 must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO.
  • V-264431 (HIGH): The DBN-6300 NDM must be using a version supported by the vendor.