STIGQter: STIG Summary: Symantec ProxySG NDM Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 24 Jan 2020

The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.

DISA Rule

SV-104541r1_rule

Vulnerability Number

V-94711

Group Title

SRG-APP-000411-NDM-000330

Rule Version

SYMP-NM-000300

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the ProxySG to use only FIPS compliant HMAC algorithms.

1. Log on to the CLI via SSH.
2. Type "enable", enter the enable password.
3. Type "configure terminal" and press "Enter".
4. Type "management-services" and press "Enter", type "edit HTTPS-Console" and press "Enter".
5. Type "view" to display the list of configured cipher suites.
6. Type "attribute cipher-suite" followed by a space-delimited list of only cipher suites from step 5 which use FIPS compliant HMAC algorithms and press "Enter".

Check Contents

Verify only FIPS compliant HMAC algorithms are in use.

1. Log on to the CLI via SSH.
2. Type "show management services", press "Enter".
3. Ensure that the "Cipher Suite" attribute lists only cipher suites which use FIPS compliant HMAC algorithms.

If any cipher suites are listed that use non-FIPS compliant HMAC algorithms, this is a finding.
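The check above can be scripted once the "Cipher Suite" attribute value has been copied out of the CLI. The following is an added example, not part of the STIG or of any Symantec tooling: the function names are hypothetical, and the suite names in the sample are constructed, assuming OpenSSL-style names whose last hyphen-separated token is the hash.

```python
# Added example: audit a "Cipher Suite" attribute value for non-FIPS MAC hashes.
# Assumption: suite names end in their hash token (e.g. "...-sha256", "...-md5").

# Hash functions approved for HMAC use (FIPS 198-1 with FIPS 180-4 hashes).
FIPS_HMAC_HASHES = {"sha", "sha1", "sha224", "sha256", "sha384", "sha512"}


def mac_token(suite: str) -> str:
    """Return the trailing hash token of a suite name, lower-cased."""
    return suite.strip().lower().replace("_", "-").rsplit("-", 1)[-1]


def audit_cipher_suites(attribute_value: str) -> dict:
    """Split a space-delimited suite list into compliant suites and findings.

    Unrecognised tokens are treated as findings (fail closed). Only the MAC
    hash is judged here; the cipher itself (e.g. RC4) is out of scope for
    this rule and is not evaluated.
    """
    compliant, findings = [], []
    for suite in attribute_value.split():
        if mac_token(suite) in FIPS_HMAC_HASHES:
            compliant.append(suite)
        else:
            findings.append(suite)
    return {"compliant": compliant, "findings": findings}


def fix_command(attribute_value: str) -> str:
    """Build the step 6 'attribute cipher-suite' line from compliant suites only."""
    keep = audit_cipher_suites(attribute_value)["compliant"]
    if not keep:
        # Refuse to emit a command that would leave the console without suites.
        raise ValueError("no suite with a FIPS-compliant HMAC remains")
    return "attribute cipher-suite " + " ".join(keep)


# Constructed sample value, not output captured from a real appliance.
SAMPLE = "aes128-sha256 aes256-sha rc4-md5 des-cbc3-md5 aes256-gcm-sha384"

if __name__ == "__main__":
    result = audit_cipher_suites(SAMPLE)
    for suite in result["findings"]:
        print(f"FINDING: {suite} (MAC hash '{mac_token(suite)}' is not FIPS-approved)")
    print(fix_command(SAMPLE))
```
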

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3517

Comments