Ivanti Connect Secure NDM Security Technical Implementation Guide

Version: V2R3
Release Date: Sep 9, 2025
SCAP Benchmark ID: Ivanti_Connect_Secure_NDM_STIG
Total Checks: 29
Tags: other
CAT I: 9, CAT II: 20, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (29)

  • V-258598 (HIGH): The ICS must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 approved algorithm.
  • V-258599 (HIGH): The ICS must be configured to send admin log data to a redundant central log server.
  • V-258600 (HIGH): The ICS must be configured to prevent nonprivileged users from executing privileged functions.
  • V-258601 (MEDIUM): The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
  • V-258602 (MEDIUM): If SNMP is used, the ICS must be configured to use SNMPv3 with FIPS-140-2/3 validated Keyed-Hash Message Authentication Code (HMAC).
  • V-258603 (MEDIUM): The ICS must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.
  • V-258604 (MEDIUM): The ICS must be configured to record time stamps for audit records that can be mapped to Greenwich Mean Time (GMT).
  • V-258605 (MEDIUM): The ICS must be configured to allocate local audit record storage capacity in accordance with organization-defined audit record storage requirements.
  • V-258606 (MEDIUM): The ICS must be configured to enforce password complexity by requiring that at least one special character be used.
  • V-258607 (MEDIUM): The ICS must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
  • V-258608 (HIGH): The ICS must be configured to terminate after five minutes of inactivity except to fulfill documented and validated mission requirements.
  • V-258609 (HIGH): The ICS must be configured to use DOD PKI as multifactor authentication (MFA) for interactive logins.
  • V-258610 (MEDIUM): The ICS must be configured to synchronize internal information system clocks using redundant authoritative time sources.
  • V-258611 (MEDIUM): The ICS must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
  • V-258612 (MEDIUM): The ICS must be configured to support organizational requirements to conduct weekly backups of information system documentation, including security-related documentation.
  • V-258613 (HIGH): The ICS must be configured to run an operating system release that is currently supported by Ivanti.
  • V-258614 (MEDIUM): The ICS must be configured to enforce a minimum 15-character password length.
  • V-258615 (HIGH): The ICS must be configured to transmit only encrypted representations of passwords.
  • V-258616 (MEDIUM): The ICS must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
  • V-258617 (MEDIUM): The ICS must be configured to enforce password complexity by requiring that at least one numeric character be used.
  • V-258618 (MEDIUM): The ICS must be configured to enforce password complexity by requiring that at least one lowercase character be used.
  • V-258619 (MEDIUM): The ICS must be configured to enforce password complexity by requiring that at least one uppercase character be used.
  • V-258620 (HIGH): The ICS must be configured to use DOD approved OCSP responders or CRLs to validate certificates used for PKI-based authentication.
  • V-258621 (MEDIUM): The ICS must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur.
  • V-258622 (MEDIUM): The ICS must be configured to limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.
  • V-258623 (MEDIUM): The ICS must be configured to display the Standard Mandatory DOD Notice and Consent Banner before granting access to manage the device.
  • V-258624 (MEDIUM): The ICS must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.
  • V-258625 (MEDIUM): The ICS must be configured to conduct backups of system level information contained in the information system when changes occur.
  • V-268324 (HIGH): The ICS must be configured to protect against known types of denial-of-service (DoS) attacks by enabling JITC mode.