STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG providing reverse proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services.

DISA Rule

SV-104263r1_rule

Vulnerability Number

V-94309

Group Title

SRG-NET-000510-ALG-000111

Rule Version

SYMP-AG-000480

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Configure TLS reverse proxy intermediary services to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service configured, click "Edit Service" and select only NIST FIPS-validated SSL protocols. Click "Apply".
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "attribute" followed by a list of the desired NIST FIPS-validated cipher suites.

See the Blue Coat Reverse Proxy WebGuide for more information.

Check Contents

Verify that TLS reverse proxy intermediary services are configured to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service identified by the administrator, click "Edit Service" and Verify that only NIST FIPS-validated SSL protocols are enabled.
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "view" and verify that only NIST FIPS-validated cipher suites are listed.

See the Blue Coat Reverse Proxy WebGuide for more information.

If Symantec ProxySG providing reverse proxy encryption intermediary services does not use NIST FIPS-validated cryptography to implement encryption services, this is a finding.

Vulnerability Number

V-94309

Documentable

False

Rule Version

SYMP-AG-000480

Severity Override Guidance

Verify that TLS reverse proxy intermediary services are configured to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service identified by the administrator, click "Edit Service" and Verify that only NIST FIPS-validated SSL protocols are enabled.
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "view" and verify that only NIST FIPS-validated cipher suites are listed.

See the Blue Coat Reverse Proxy WebGuide for more information.

If Symantec ProxySG providing reverse proxy encryption intermediary services does not use NIST FIPS-validated cryptography to implement encryption services, this is a finding.

Check Content Reference

M

Target Key

3515

Comments