STIGQter: STIG Summary: Juniper Router NDM Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Jul 2020

The Juniper router must be configured to support organizational requirements to conduct backups of the configuration when changes occur.

DISA Rule

SV-101291r1_rule

Vulnerability Number

V-91191

Group Title

SRG-APP-000516-NDM-000340

Rule Version

JUNI-ND-001400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the router to send the configuration to an SCP server upon a commit command as shown in the example below.

set system archival configuration transfer-on-commit archive-sites "scp://scpuser@1.2.3.4:/configs" password "xxxxxxxx"

Check Contents

Review the router configuration to verify that it is compliant with this requirement. The example configuration below will send the router configuration to an SCP server upon the commit command.

system {
    archival {
        configuration {
            transfer-on-commit;
            archive-sites {
                "scp://scpuser@1.2.3.4:/configs" password "$9$CMJKpu1LX-bwgBIYo"; ## SECRET-DATA
            }
        }
    }
}

If the router is not configured to conduct backups of the configuration when changes occur, this is a finding.
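The check above can be automated against saved "show configuration" output. The following is an added example, not part of the STIG text or of any Juniper tooling; the function names parse_junos and check_archival and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample, same layout as the Check Contents example on this page.
SAMPLE = """
system {
    archival {
        configuration {
            transfer-on-commit;
            archive-sites {
                "scp://scpuser@1.2.3.4:/configs" password "$9$CMJKpu1LX-bwgBIYo"; ## SECRET-DATA
            }
        }
    }
}
"""

# Quoted strings, "##" annotations, structural characters, then bare words.
TOKEN = re.compile(r'"[^"]*"|##.*|[{};]|[^\s{};"]+')

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements map to None."""
    stack, words = [{}], []
    for tok in TOKEN.findall(text):
        if tok.startswith("##"):
            continue                      # e.g. "## SECRET-DATA"
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}" and len(stack) > 1:
            stack.pop()
        elif tok == ";":
            stack[-1][" ".join(words)] = None
            words = []
        else:
            words.append(tok.strip('"'))
    return stack[0]

def check_archival(text):
    """Return findings for backup-on-commit; an empty list means compliant."""
    node = parse_junos(text)
    for key in ("system", "archival", "configuration"):
        node = node.get(key) or {}        # "inactive: archival" will not match
    findings = []
    if "transfer-on-commit" not in node:
        findings.append("transfer-on-commit is not set")
    if not node.get("archive-sites"):
        findings.append("no archive-sites destination is configured")
    return findings
```

A configuration that only sets transfer-interval, or whose transfer-on-commit statement is deactivated (shown with the "inactive:" prefix), is reported as a finding because neither sends the configuration when a commit occurs.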

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3381

Comments