STIGQter: STIG Summary: Juniper Router NDM Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Jul 2020:

The Juniper router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.

DISA Rule

SV-101271r1_rule

Vulnerability Number

V-91171

Group Title

SRG-APP-000412-NDM-000331

Rule Version

JUNI-ND-001200

Severity

CAT I

CCI(s)

• CCI-003123 - The information system implements cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

Weight

10

Fix Recommendation

Configure the router to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm as shown in the example below.

[edit system services]
set ssh ciphers aes128-cbc

Check Contents

Review the router configuration to verify that it is compliant with this requirement.

system {
…
…
…
}
services {
ssh {
protocol-version v2;
ciphers aes128-cbc;
}
}

If the router is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.

Vulnerability Number

V-91171

Documentable

False

Rule Version

JUNI-ND-001200

Severity Override Guidance

Review the router configuration to verify that it is compliant with this requirement.

system {
…
…
…
}
services {
ssh {
protocol-version v2;
ciphers aes128-cbc;
}
}

If the router is not configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions using a FIPS 140-2 approved algorithm, this is a finding.

Check Content Reference

M

Target Key

3381

Comments