STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

RUCKUS ICX NDM Security Technical Implementation Guide

Version

V1R1

Release Date

May 28, 2025

SCAP Benchmark ID

RUCKUS_ICX_NDM_STIG

Total Checks

25

Tags

other
CAT I: 7CAT II: 18CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (25)

V-273784HIGHThe RUCKUS ICX device must be configured to assign appropriate user roles or access levels to authenticated users.V-273785MEDIUMThe RUCKUS ICX device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.V-273786MEDIUMThe RUCKUS ICX device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-273787MEDIUMThe RUCKUS ICX device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.V-273788MEDIUMThe RUCKUS ICX device must initiate session auditing upon startup.V-273789MEDIUMThe RUCKUS ICX device must generate audit records containing the full-text recording of privileged commands.V-273798HIGHThe RUCKUS ICX device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or servicesV-273799MEDIUMThe RUCKUS ICX device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-273802MEDIUMThe RUCKUS ICX device must enforce password complexity and length requirements.V-273808HIGHThe RUCKUS ICX device must use FIPS 140-2/140-3 approved algorithms for authentication to a cryptographic module.V-273809HIGHThe RUCKUS ICX device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.V-273820MEDIUMThe RUCKUS ICX device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.V-273821MEDIUMThe RUCKUS ICX device must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).V-273825MEDIUMThe RUCKUS ICX device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).V-273826MEDIUMThe RUCKUS ICX device must authenticate Network Time Protocol sources using authentication that is cryptographically based.V-273829MEDIUMThe RUCKUS ICX device must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.V-273830MEDIUMSecurity-relevant firmware updates must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).V-273832MEDIUMThe RUCKUS ICX device must off-load audit records onto a different system or media than the system being audited.V-273835HIGHThe RUCKUS ICX device must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.V-273838MEDIUMThe RUCKUS ICX device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.V-273839HIGHThe RUCKUS ICX device must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).V-273840HIGHThe RUCKUS ICX device must be running an operating system release that is currently supported by the vendor.V-273848MEDIUMThe RUCKUS ICX device must be configured to include only approved trust anchors in trust stores or certificate stores managed by the organization.V-273850MEDIUMThe RUCKUS ICX device must be configured to synchronize system clocks within and between systems or system components.V-273851MEDIUMThe RUCKUS ICX device must be configured to compare the internal system clocks on an organization-defined frequency with two organization-defined authoritative time sources.