SV-104259r1_rule
V-94305
SRG-NET-000510-ALG-000025
SYMP-AG-000460
CAT II
10
Configure TLS reverse proxy intermediary services to comply with NIST FIPS-validated cryptography.
1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service configured, click "Edit Service" and select only NIST FIPS-validated SSL protocols. Click "Apply".
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "attribute" followed by a list of the desired NIST FIPS-validated cipher suites.
Verify that TLS reverse proxy intermediary services are configured to comply with NIST FIPS-validated cryptography.
1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service identified by the administrator, click "Edit Service" and Verify that only NIST FIPS-validated SSL protocols are enabled.
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "view" and verify that only NIST FIPS-validated cipher suites are listed.
If Symantec ProxySG providing reverse proxy encryption intermediary services does not implement NIST FIPS-validated cryptography to generate cryptographic hashes, this is a finding.
V-94305
False
SYMP-AG-000460
Verify that TLS reverse proxy intermediary services are configured to comply with NIST FIPS-validated cryptography.
1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service identified by the administrator, click "Edit Service" and Verify that only NIST FIPS-validated SSL protocols are enabled.
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "view" and verify that only NIST FIPS-validated cipher suites are listed.
If Symantec ProxySG providing reverse proxy encryption intermediary services does not implement NIST FIPS-validated cryptography to generate cryptographic hashes, this is a finding.
M
3515