STIGQter: STIG Summary: Symantec ProxySG NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

DISA Rule

SV-104521r1_rule

Vulnerability Number

V-94691

Group Title

SRG-APP-000516-NDM-000344

Rule Version

SYMP-NM-000200

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001159 - The organization issues public key certificates under an organization-defined certificate policy or obtains public key certificates from an approved service provider.

Weight

10

Fix Recommendation

Assign an appropriately signed certificate to the management interface.

1. Log on to the Web Management Console.
2. Click Configuration >> SSL >> Keyrings.
3. Click "Create", provide a name and bit size, click "OK".
4. Select the newly created keyring, click "Edit".
5. Click "Create" under "Certificate Signing Request" and enter the appropriate information, click "OK", click "Close", click "Apply".
6. Select the newly created keyring, click "Edit".
7. Copy the text in the "Certificate Signing Request" field and submit to your appropriate Certificate Authority.
8. Once the certificate has been issued, paste it into the "Certificate" field, click "Close", click "Apply".
9. Click Services >> Management Services, click on "HTTPS-Console", click "Edit".
10. Change the "Keyring" value to the newly created keyring, click "OK", click "Apply".

Check Contents

Verify all management certificates are issued by an appropriate certificate authority.

1. Log on to the Web Management Console.
2. Click Services >> Management Services, click on HTTPS-Console and click "Edit".
3. Note the name of the "keyring" assigned.
4. Click Configuration >> SSL >> Keyrings.
5. Select the keyring that was noted above, click "View Certificate".
6. Confirm that the certificate is issued by the appropriate certificate authority.

If Symantec ProxySG does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.

Vulnerability Number

V-94691

Documentable

False

Rule Version

SYMP-NM-000200

Severity Override Guidance

Verify all management certificates are issued by an appropriate certificate authority.

1. Log on to the Web Management Console.
2. Click Services >> Management Services, click on HTTPS-Console and click "Edit".
3. Note the name of the "keyring" assigned.
4. Click Configuration >> SSL >> Keyrings.
5. Select the keyring that was noted above, click "View Certificate".
6. Confirm that the certificate is issued by the appropriate certificate authority.

If Symantec ProxySG does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.

Check Content Reference

M

Target Key

3517

Comments