| Checked | Name | Title |
|---|
| ☐ | SV-77279r1_rule | Riverbed Optimization System (RiOS) must provide automated support for account management functions. |
| ☐ | SV-77325r1_rule | Riverbed Optimization System (RiOS) must terminate local shared/group account credentials, such as the Admin account is used, when members who know the account password leave the group. |
| ☐ | SV-77327r1_rule | Riverbed Optimization System (RiOS) must disable the local Shark and Monitor accounts so they cannot be used as shared accounts by users. |
| ☐ | SV-77329r1_rule | Riverbed Optimization System (RiOS) must automatically generate a log event for account creation events. |
| ☐ | SV-77331r1_rule | Riverbed Optimization System (RiOS) must automatically log event for account modification. |
| ☐ | SV-77333r1_rule | Riverbed Optimization System (RiOS) must automatically generate a log event for account disabling actions. |
| ☐ | SV-77335r1_rule | Riverbed Optimization System (RiOS) must automatically generate a log event for account removal actions. |
| ☐ | SV-77337r2_rule | Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when local accounts are created. |
| ☐ | SV-77339r1_rule | Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are modified. |
| ☐ | SV-77341r1_rule | Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are disabled. |
| ☐ | SV-77343r1_rule | Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when accounts are removed. |
| ☐ | SV-77345r1_rule | Riverbed Optimization System (RiOS) must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device. |
| ☐ | SV-77347r1_rule | Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed. |
| ☐ | SV-77349r1_rule | Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for device console access. |
| ☐ | SV-77351r1_rule | Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access. |
| ☐ | SV-77353r1_rule | Riverbed Optimization System (RiOS) must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded. |
| ☐ | SV-77355r1_rule | Riverbed Optimization System (RiOS) must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. |
| ☐ | SV-77357r1_rule | Riverbed Optimization System (RiOS) must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type. |
| ☐ | SV-77387r1_rule | Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect. |
| ☐ | SV-77389r1_rule | Riverbed Optimization System (RiOS) must generate audit records containing the full-text recording of privileged commands. |
| ☐ | SV-77391r1_rule | Riverbed Optimization System (RiOS) must generate an email alert of all log failure events requiring alerts. |
| ☐ | SV-77407r1_rule | Riverbed Optimization System (RiOS) must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. |
| ☐ | SV-77411r1_rule | Riverbed Optimization System (RiOS) must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC). |
| ☐ | SV-77413r1_rule | Riverbed Optimization System (RiOS) must protect audit information from any type of unauthorized read access. |
| ☐ | SV-77415r1_rule | Riverbed Optimization System (RiOS) must protect audit information from unauthorized modification. |
| ☐ | SV-77417r1_rule | Riverbed Optimization System (RiOS) must protect audit information from unauthorized deletion. |
| ☐ | SV-77419r1_rule | Riverbed Optimization System (RiOS) must protect audit tools from unauthorized access. |
| ☐ | SV-77421r1_rule | Riverbed Optimization System (RiOS) must protect audit tools from unauthorized deletion. |
| ☐ | SV-77423r1_rule | Riverbed Optimization System (RiOS) must provide audit record generation capability for DoD-defined auditable events within the network device. |
| ☐ | SV-77425r1_rule | Riverbed Optimization System (RiOS) must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be logged. |
| ☐ | SV-77427r1_rule | Riverbed Optimization System (RiOS) must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources. |
| ☐ | SV-77429r1_rule | Riverbed Optimization System (RiOS) must generate a log event for the enforcement actions used to restrict access associated with changes to the device. |
| ☐ | SV-77431r1_rule | Riverbed Optimization System (RiOS) must enable the password authentication control policy to ensure password complexity controls and other password policy requirements are enforced. |
| ☐ | SV-77433r1_rule | Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally manage authentication settings. |
| ☐ | SV-77435r1_rule | Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally apply authentication settings. |
| ☐ | SV-77437r1_rule | Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally verify authentication settings. |
| ☐ | SV-77439r1_rule | Riverbed Optimization System (RiOS) must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. |
| ☐ | SV-77441r1_rule | Riverbed Optimization System (RiOS) must back up the system configuration files when configuration changes are made to the device. |
| ☐ | SV-77443r1_rule | Riverbed Optimization System (RiOS) must implement replay-resistant authentication mechanisms for network access to privileged accounts. |
| ☐ | SV-77445r1_rule | Riverbed Optimization System (RiOS) must authenticate network management endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. |
| ☐ | SV-77447r1_rule | Riverbed Optimization System (RiOS) must authenticate SNMP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. |
| ☐ | SV-77449r1_rule | Riverbed Optimization System (RiOS) must authenticate NTP server before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. |
| ☐ | SV-77451r1_rule | Riverbed Optimization System (RiOS) must enforce a minimum 15-character password length. |
| ☐ | SV-77453r1_rule | Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one upper-case character be used. |
| ☐ | SV-77455r1_rule | Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one lower-case character be used. |
| ☐ | SV-77457r1_rule | Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one numeric character be used. |
| ☐ | SV-77459r1_rule | Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one numeric character be used. |
| ☐ | SV-77461r1_rule | Riverbed Optimization System (RiOS) must require that when a password is changed, the characters are changed in at least 15 of the positions within the password. |
| ☐ | SV-77463r1_rule | Riverbed Optimization System (RiOS) must enforce a 60-day maximum password lifetime restriction. |
| ☐ | SV-77465r1_rule | Riverbed Optimization System (RiOS) must prohibit password reuse for a minimum of five generations. |
| ☐ | SV-77467r1_rule | Riverbed Optimization System (RiOS) must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. |
| ☐ | SV-77469r1_rule | Riverbed Optimization System (RiOS) performing maintenance functions must restrict use of these functions to authorized personnel only. |
| ☐ | SV-77471r1_rule | Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
| ☐ | SV-77473r1_rule | Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |
| ☐ | SV-77475r1_rule | Riverbed Optimization System (RiOS) must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. |
| ☐ | SV-77477r1_rule | Riverbed Optimization System (RiOS) must obtain its public key certificates from an appropriate certificate policy through an approved service provider. |
| ☐ | SV-77479r1_rule | Riverbed Optimization System (RiOS) must generate unique session identifiers using a FIPS 140-2 approved random number generator. |
| ☐ | SV-77481r1_rule | Riverbed Optimization System (RiOS) must protect against or limit the effects of all known types of Denial of Service (DoS) attacks on the network device management network by employing organization-defined security safeguards. |
| ☐ | SV-77483r1_rule | Riverbed Optimization System (RiOS) must generate an alert that can be sent to security personnel when threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B occur. |
| ☐ | SV-77485r1_rule | The application must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). |
STIGQter: STIG Summary: