STIGs Search Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 7 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

HYCU Protege Security Technical Implementation Guide

Version

V1R2

Release Date

Mar 4, 2026

SCAP Benchmark ID

HYCU_Protege_STIG

Total Checks

55

Tags

other

CAT I: 11CAT II: 44CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON Download STIG ZIP

Checks (55)

V-268216MEDIUMThe HYCU virtual appliance must be configured to synchronize internal information system clocks using redundant authoritative time sources.V-268217MEDIUMThe HYCU virtual appliance must not have any default manufacturer passwords when deployed.V-268219MEDIUMThe HYCU virtual appliance must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.V-268222HIGHThe HYCU virtual appliance must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.V-268223MEDIUMIf the HYCU virtual appliance uses role-based access control, it must enforce organization-defined role-based access control policies over defined subjects and objects.V-268225MEDIUMThe HYCU virtual appliance must enforce approved authorizations for controlling the flow of management information within the appliance based on information flow control policies.V-268226MEDIUMThe HYCU virtual appliance must audit the execution of privileged functions.V-268227MEDIUMThe HYCU virtual appliance must be configured to enforce the limit of three consecutive invalid login attempts, after which time it must block any login attempt for 15 minutes.V-268228MEDIUMThe HYCU virtual appliance must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.V-268229MEDIUMThe HYCU virtual appliance must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log in for further access.V-268231MEDIUMThe HYCU virtual appliance must automatically audit account creation.V-268232MEDIUMThe HYCU virtual appliance must automatically audit account modification.V-268233MEDIUMThe HYCU virtual appliance must automatically audit account disabling actions.V-268234MEDIUMThe HYCU virtual appliance must automatically audit account removal actions.V-268235HIGHThe HYCU virtual appliance must be configured to use DOD-approved online certificate status protocol (OCSP) responders or certificate revocation lists (CRLs) to validate certificates used for PKI-based authentication.V-268236HIGHThe HYCU virtual appliance must be configured to use at least two authentication servers for authenticating users prior to granting administration access.V-268237HIGHThe HYCU virtual appliance must be configured to use DOD PKI as multifactor authentication (MFA) for interactive logins.V-268238MEDIUMThe HYCU virtual appliance must generate audit records when successful/unsuccessful attempts to access privileges occur.V-268239MEDIUMThe HYCU virtual appliance must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.V-268240MEDIUMThe HYCU virtual appliance must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.V-268241MEDIUMThe HYCU virtual appliance must generate audit records when successful/unsuccessful login attempts occur.V-268242MEDIUMThe HYCU virtual appliance must generate audit records for privileged activities or other system-level access.V-268244MEDIUMThe HYCU virtual appliance must generate log records for a locally developed list of auditable events.V-268245MEDIUMThe HYCU virtual appliance must produce audit records containing information to establish when events occurred, where events occurred, the source of the event, the outcome of the event, and identity of any individual or process associated with the event.V-268246MEDIUMThe HYCU virtual appliance must generate audit records containing the full-text recording of privileged commands.V-268247MEDIUMThe HYCU virtual appliance must produce audit log records containing sufficient information to establish what type of event occurred.V-268248MEDIUMThe HYCU virtual appliance must initiate session auditing upon startup.V-268249MEDIUMThe HYCU virtual appliance must automatically audit account enabling actions.V-268250MEDIUMThe HYCU virtual appliance must generate audit records showing starting and ending time for administrator access to the system.V-268251MEDIUMThe HYCU virtual appliance must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.V-268252MEDIUMThe HYCU virtual appliance must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.V-268253MEDIUMThe HYCU virtual appliance must off-load audit records onto a different system or media than the system being audited.V-268254MEDIUMThe HYCU virtual appliance must generate an immediate real-time alert of all audit failure events requiring real-time alerts.V-268255MEDIUMThe HYCU virtual appliance must protect audit information from unauthorized deletion.V-268256MEDIUMThe HYCU virtual appliance must protect audit tools from unauthorized access, modification, and deletion.V-268257HIGHThe HYCU virtual appliance must be running a release that is currently supported by the vendor.V-268258MEDIUMThe HYCU virtual appliance must obtain its public key certificates from an appropriate certificate policy through an approved service provider.V-268259HIGHThe HYCU virtual appliance must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.V-268260MEDIUMThe HYCU virtual appliance must implement replay-resistant authentication mechanisms for network access to privileged accounts.V-268262MEDIUMThe HYCU virtual appliance must enforce password complexity by requiring that at least one uppercase character be used.V-268263MEDIUMThe HYCU virtual appliance must enforce password complexity by requiring that at least one lowercase character be used.V-268264MEDIUMThe HYCU virtual appliance must enforce password complexity by requiring that at least one numeric character be used.V-268265MEDIUMThe HYCU virtual appliance must enforce password complexity by requiring that at least one special character be used.V-268266MEDIUMThe HYCU virtual appliance must enforce a minimum 15-character password length.V-268267MEDIUMThe HYCU virtual appliance must require that when a password is changed, the characters are changed in at least eight of the positions within the password.V-268269HIGHThe HYCU virtual appliance must use FIPS 140-2-approved algorithms for authentication to a cryptographic module.V-268270HIGHThe HYCU virtual appliance must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.V-268271HIGHThe HYCU virtual appliance must be configured to implement cryptographic mechanisms using a FIPS 140-2-approved algorithm to protect the confidentiality of remote maintenance sessions.V-268274MEDIUMThe HYCU virtual appliance must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-268282MEDIUMThe HYCU virtual appliance must audit the enforcement actions used to restrict access associated with changes to the device.V-268283MEDIUMThe HYCU virtual appliance must prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.V-268296MEDIUMThe HYCU virtual appliance must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).V-268301HIGHThe HYCU virtual appliance must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.V-268302MEDIUMThe HYCU virtual appliance must generate unique session identifiers using a FIPS 140-2 approved random number generator.V-268303HIGHThe HYCU virtual appliance must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).