STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 25 Oct 2019

Riverbed Optimization System (RiOS) must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.

DISA Rule

SV-77353r1_rule

Vulnerability Number

V-62863

Group Title

SRG-APP-000345-NDM-000290

Rule Version

RICX-DM-000026

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to limit the number of unsuccessful login attempts to 3 during a 15-minute period.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy
Set the value of "Login Attempts Before Lockout:" to "3"
Set the value of "Timeout for User Login After Lockout (seconds):" to "900"

Click "Apply" to save the changes
Navigate to the top of the web page and click "Save" to write changes to memory

Check Contents

Verify that RiOS is configured to limit the number of unsuccessful login attempts during a 15-minute period to 3.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy

Verify that "Login Attempts Before Lockout:" is set to "3"
Verify that "Timeout for User Login After Lockout (seconds)" is set to "900"

If "Login Attempts Before Lockout" is not set to "3" and/or "Timeout for User Login After Lockout (seconds)" is not set to "900", this is a finding.

Documentable

False

Severity Override Guidance

Verify that RiOS is configured to limit the number of unsuccessful login attempts during a 15-minute period to 3.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy

Verify that "Login Attempts Before Lockout:" is set to "3"
Verify that "Timeout for User Login After Lockout (seconds)" is set to "900"

If "Login Attempts Before Lockout" is not set to "3" and/or "Timeout for User Login After Lockout (seconds)" is not set to "900", this is a finding.

Check Content Reference

M

Target Key

2931
