STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Xylok Security Suite 20.x Security Technical Implementation Guide

Version

V1R2

Release Date

Dec 4, 2025

SCAP Benchmark ID

Xylok_Security_Suite_20-x_STIG

Total Checks

19

Tags

other
CAT I: 6CAT II: 13CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (19)

V-269569MEDIUMXylok Security Suite must protect application-specific data.V-269570MEDIUMXylok Security Suite must limit system resources consumed by the application.V-269571MEDIUMXylok Security Suite must initiate a session lock after a 15-minute period of inactivity.V-269572HIGHXylok Security Suite must expire a session upon browser closing.V-269573HIGHXylok Security Suite must prevent access except through HTTPS.V-269574HIGHXylok Security Suite must use a centralized user management solution.V-269575MEDIUMXylok Security Suite must display the Standard Mandatory DOD Notice and Consent Banner before granting access.V-269576MEDIUMXylok Security Suite must protect audit information from any type of unauthorized access.V-269577HIGHXylok Security Suite must be running a supported version.V-269578MEDIUMThe Xylok Security Suite READONLY configuration must be True.V-269579MEDIUMXylok Security Suite must disable nonessential capabilities.V-269580MEDIUMThe Xylok Security Suite configuration for DEBUG must be False.V-269581MEDIUMXylok Security Suite must not allow local user or groups.V-269582MEDIUMThe Xylok Security Suite configuration file must be protected.V-269583MEDIUMXylok Security Suite must audit the enforcement actions used to restrict access associated with changes to it.V-269584MEDIUMXylok Security Suite must only allow the use of DOD Public Key Infrastructure (PKI) established certificate authorities (CAs) for verification of the establishment of protected sessions.V-269585HIGHXylok Security Suite must maintain the confidentiality and disable the use of SMTP.V-269586HIGHXylok Security Suite must use a central log server for auditing records.V-269740MEDIUMXylok Security Suite must use a valid DOD-issued certification.