STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.

DISA Rule

SV-77471r1_rule

Vulnerability Number

V-62981

Group Title

SRG-APP-000411-NDM-000330

Rule Version

RICX-DM-000134

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.

Navigate to the device CLI
Type: enable
Type: config t
Type: no telnet-server enable
Type: ssh server enable
Type: ssh server allowed-cyphers aes128-cbc, 3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
Type: web enable
Type: no web http enable
Type: web https enable
Type: write memory
Type: exit
Type: exit

Check Contents

Verify that RiOS is configured to implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.

Navigate to the device CLI
Type: enable
Type: show configuration full
Verify that "no telnet-server enable" is in the configuration
Verify that "ssh server enable" is set in the configuration
Verify that "web enable" is in the configuration
Verify that "no web http enable" is in the configuration
Verify that "web https enable" is in the configuration

If any one of the above settings is missing from the configuration, this is a finding.

Vulnerability Number

V-62981

Documentable

False

Rule Version

RICX-DM-000134

Severity Override Guidance

Verify that RiOS is configured to implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.

Navigate to the device CLI
Type: enable
Type: show configuration full
Verify that "no telnet-server enable" is in the configuration
Verify that "ssh server enable" is set in the configuration
Verify that "web enable" is in the configuration
Verify that "no web http enable" is in the configuration
Verify that "web https enable" is in the configuration

If any one of the above settings is missing from the configuration, this is a finding.

Check Content Reference

M

Target Key

2931

Comments