STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

DISA Rule

SV-104241r2_rule

Vulnerability Number

V-94287

Group Title

SRG-NET-000340-ALG-000091

Rule Version

SYMP-AG-000360

Severity

CAT II

CCI(s)

• CCI-001948 - The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Weight

10

Fix Recommendation

Configure an approved method of multifactor authentication (such as CAC certificate authentication).

1. Log on to the Web Management Console.
2. Browse to Configuration >> Authentication.
3. Configure at least one multifactor method (such as CAC certificate authentication) per the ProxySG Administration Guide (CAC Certificate authentication configuration is covered in Chapter 52: Certificate Realm Authentication and Chapter 58: LDAP Realm Authentication).

Check Contents

Multiple methods of multifactor authentication are supported. Verify that an approved method is configured (such as CAC certificate authentication).

1. Log on to the Web Management Console.
2. Browse to Configuration >> Authentication.
3. Click each of the above authentication mechanisms and Verify that at least one approved multifactor authentication method is configured.

If Symantec ProxySG providing user authentication intermediary services does not implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Vulnerability Number

V-94287

Documentable

False

Rule Version

SYMP-AG-000360

Severity Override Guidance

Multiple methods of multifactor authentication are supported. Verify that an approved method is configured (such as CAC certificate authentication).

1. Log on to the Web Management Console.
2. Browse to Configuration >> Authentication.
3. Click each of the above authentication mechanisms and Verify that at least one approved multifactor authentication method is configured.

If Symantec ProxySG providing user authentication intermediary services does not implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Check Content Reference

M

Target Key

3515

Comments