| Checked | Name | Title |
|---|
| ☐ | SV-104305r2_rule | Symantec ProxySG must enable Attack Detection. |
| ☐ | SV-104483r1_rule | Symantec ProxySG must be configured with only one local account that is used as the account of last resort. |
| ☐ | SV-104485r1_rule | Symantec ProxySG must be configured to enforce user authorization to implement least privilege. |
| ☐ | SV-104487r1_rule | Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges. |
| ☐ | SV-104489r1_rule | Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI). |
| ☐ | SV-104491r1_rule | Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. |
| ☐ | SV-104493r1_rule | Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. |
| ☐ | SV-104495r1_rule | Symantec ProxySG must enable event access logging. |
| ☐ | SV-104497r1_rule | Symantec ProxySG must be configured to support centralized management and configuration of the audit log. |
| ☐ | SV-104499r1_rule | Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent. |
| ☐ | SV-104501r1_rule | Symantec ProxySG must compare internal information system clocks at least every 24 hours with an authoritative time server. |
| ☐ | SV-104503r1_rule | Symantec ProxySG must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources. |
| ☐ | SV-104505r1_rule | Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification. |
| ☐ | SV-104507r1_rule | Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access. |
| ☐ | SV-104509r1_rule | Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited. |
| ☐ | SV-104511r1_rule | Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings. |
| ☐ | SV-104513r1_rule | Accounts for device management must be configured on the authentication server and not on Symantec ProxySG itself, except for the account of last resort. |
| ☐ | SV-104515r1_rule | Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions. |
| ☐ | SV-104517r1_rule | Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings. |
| ☐ | SV-104519r1_rule | Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner. |
| ☐ | SV-104521r1_rule | Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. |
| ☐ | SV-104523r1_rule | Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component. |
| ☐ | SV-104525r1_rule | Symantec ProxySG must use only approved management services protocols. |
| ☐ | SV-104527r1_rule | Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. |
| ☐ | SV-104529r1_rule | Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. |
| ☐ | SV-104531r1_rule | Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts. |
| ☐ | SV-104533r1_rule | Symantec ProxySG must transmit only encrypted representations of passwords. |
| ☐ | SV-104535r1_rule | Symantec ProxySG must not have a default manufacturer passwords when deployed. |
| ☐ | SV-104537r1_rule | Symantec ProxySG must be configured to use only FIPS 140-2 approved algorithms for authentication to a cryptographic module with any application or protocol. |
| ☐ | SV-104539r1_rule | The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |
| ☐ | SV-104541r1_rule | The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. |
| ☐ | SV-104543r1_rule | Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. |
STIGQter: STIG Summary: