Symantec ProxySG NDM Security Technical Implementation Guide

Version: V1R2
Release Date: Dec 20, 2019
SCAP Benchmark ID: Symantec_ProxySG_NDM_STIG
Total Checks: 32
Tags: other
CAT I: 9, CAT II: 21, CAT III: 2

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (32)

  • V-94413 (HIGH) Symantec ProxySG must enable Attack Detection.
  • V-94653 (MEDIUM) Symantec ProxySG must be configured with only one local account that is used as the account of last resort.
  • V-94655 (HIGH) Symantec ProxySG must be configured to enforce user authorization to implement least privilege.
  • V-94657 (HIGH) Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
  • V-94659 (MEDIUM) Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI).
  • V-94661 (MEDIUM) Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
  • V-94663 (LOW) Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
  • V-94665 (MEDIUM) Symantec ProxySG must enable event access logging.
  • V-94667 (MEDIUM) Symantec ProxySG must be configured to support centralized management and configuration of the audit log.
  • V-94669 (LOW) Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent.
  • V-94671 (MEDIUM) Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server.
  • V-94673 (MEDIUM) Symantec ProxySG must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
  • V-94675 (MEDIUM) Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification.
  • V-94677 (MEDIUM) Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access.
  • V-94679 (MEDIUM) Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited.
  • V-94681 (MEDIUM) Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings.
  • V-94683 (MEDIUM) Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort.
  • V-94685 (MEDIUM) Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions.
  • V-94687 (MEDIUM) Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings.
  • V-94689 (MEDIUM) Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner.
  • V-94691 (MEDIUM) Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
  • V-94693 (MEDIUM) Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component.
  • V-94695 (HIGH) Symantec ProxySG must use only approved management services protocols.
  • V-94697 (MEDIUM) Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts.
  • V-94699 (MEDIUM) Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used.
  • V-94701 (MEDIUM) Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts.
  • V-94703 (HIGH) Symantec ProxySG must transmit only encrypted representations of passwords.
  • V-94705 (MEDIUM) Symantec ProxySG must not have a default manufacturer passwords when deployed.
  • V-94707 (HIGH) Symantec ProxySG must be configured to use only FIPS 140-2 approved algorithms for authentication to a cryptographic module with any application or protocol.
  • V-94709 (HIGH) The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
  • V-94711 (HIGH) The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.
  • V-94713 (HIGH) Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.