STIGQter: STIG Summary: SEL-2740S NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019:

The SEL-2740S must authenticate Network Time Protocol sources using authentication that is cryptographically based.

DISA Rule

SV-104419r2_rule

Vulnerability Number

V-94589

Group Title

SRG-APP-000395-NDM-000347

Rule Version

SELS-ND-001025

Severity

CAT II

CCI(s)

• CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Weight

10

Fix Recommendation

Deploy the NTP server within the private network. Provision both the physical path and redundant path between the switch and NTP server to ensure NTP packets only traverse the private network. Use multilayer packet inspection at each hop of the switches to whitelist only the intended NTP clients and server can communicate to each other.

Check Contents

Verify NTP packets only traverse on the private network by traffic engineering both the physical path and redundant path between switch and NTP server.

1. Login to the OTSDN Controller with permission Level 3 rights into parent.
2. Go to the Configuration Objects settings page.
3. Review the NTP Server IP addresses in the settings fields.

If the IP addresses are not within the private network, this is a finding.

Vulnerability Number

V-94589

Documentable

False

Rule Version

SELS-ND-001025

Severity Override Guidance

Verify NTP packets only traverse on the private network by traffic engineering both the physical path and redundant path between switch and NTP server.

1. Login to the OTSDN Controller with permission Level 3 rights into parent.
2. Go to the Configuration Objects settings page.
3. Review the NTP Server IP addresses in the settings fields.

If the IP addresses are not within the private network, this is a finding.

Check Content Reference

M

Target Key

3383

Comments