DISA Juniper SRX Services Gateway NDM v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.


Audit Details

Name: DISA Juniper SRX Services Gateway NDM v2r1

Updated: 8/26/2024

Authority: DISA STIG

Plugin: Juniper

Revision: 1.2

Estimated Item Count: 71

Audit Items

Description / Categories
JUSX-DM-000001 - The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH.
JUSX-DM-000007 - The Juniper SRX Services Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
JUSX-DM-000015 - For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account creation events.
JUSX-DM-000016 - For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account modification events.
JUSX-DM-000017 - For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account disabling events.
JUSX-DM-000018 - For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events.
JUSX-DM-000019 - For local accounts, the Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when local accounts are created.
JUSX-DM-000020 - The Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when the local accounts (i.e., the account of last resort or root account) are modified.
JUSX-DM-000021 - The Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when accounts are disabled.
JUSX-DM-000022 - The Juniper SRX Services Gateway must generate alerts to the management console and generate a log record that can be forwarded to the ISSO and designated system administrators when the local accounts (i.e., the account of last resort or root account) are deleted.
JUSX-DM-000023 - The Juniper SRX Services Gateway must automatically generate a log event when accounts are enabled.
JUSX-DM-000024 - The Juniper SRX Services Gateway must generate an immediate alert message to the management console for account enabling actions.
JUSX-DM-000025 - The Juniper SRX Services Gateway must enforce the assigned privilege level for each administrator and authorizations for access to all commands by assigning a login class to all AAA-authenticated users.
JUSX-DM-000029 - The Juniper SRX Services Gateway must generate a log event when privileged commands are executed.
JUSX-DM-000030 - For local accounts created on the device, the Juniper SRX Services Gateway must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
JUSX-DM-000032 - The Juniper SRX Services Gateway must display the Standard Mandatory DoD Notice and Consent Banner before granting access.
JUSX-DM-000039 - The Juniper SRX Services Gateway must allow only the ISSM (or administrators/roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the syslog and/or local logs.
JUSX-DM-000040 - The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur.
JUSX-DM-000041 - The Juniper SRX Services Gateway must generate log records when changes are made to administrator privileges.
JUSX-DM-000042 - The Juniper SRX Services Gateway must generate log records when administrator privileges are deleted.
JUSX-DM-000043 - The Juniper SRX Services Gateway must generate log records when logon events occur.
JUSX-DM-000044 - The Juniper SRX Services Gateway must generate log records when privileged commands are executed.
JUSX-DM-000046 - The Juniper SRX Services Gateway must generate log records when concurrent logons from different workstations occur.
JUSX-DM-000055 - The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands.
JUSX-DM-000056 - For local log files, the Juniper SRX Services Gateway must allocate log storage capacity in accordance with organization-defined log record storage requirements so that the log files do not grow to a size that causes operational issues.
JUSX-DM-000059 - The Juniper SRX Services Gateway must generate an immediate system alert message to the management console when a log processing failure is detected.
JUSX-DM-000060 - For local logging, the Juniper SRX Services Gateway must generate a message to the system management console when a log processing failure occurs.
JUSX-DM-000061 - In the event that communications with the events server are lost, the Juniper SRX Services Gateway must continue to queue log records locally.
JUSX-DM-000065 - The Juniper SRX Services Gateway must record time stamps for log records using Coordinated Universal Time (UTC).
JUSX-DM-000077 - The Juniper SRX Services Gateway must implement logon roles to ensure only authorized roles are allowed to install software and updates.
JUSX-DM-000084 - If the loopback interface is used, the Juniper SRX Services Gateway must protect the loopback interface with firewall filters for known attacks that may exploit this interface.
JUSX-DM-000087 - The Juniper SRX Services Gateway must have the number of rollbacks set to 5 or more.
JUSX-DM-000094 - The Juniper SRX Services Gateway must be configured to synchronize internal information system clocks with the primary and secondary NTP servers for the network.
JUSX-DM-000095 - The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.
JUSX-DM-000096 - The Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management.
JUSX-DM-000097 - The Juniper SRX Services Gateway must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management.
JUSX-DM-000098 - The Juniper SRX Services Gateway must specify the order in which authentication servers are used.
JUSX-DM-000099 - The Juniper SRX Services Gateway must detect the addition of components and issue a priority 1 alert to the ISSM and SA, at a minimum.
JUSX-DM-000105 - The Juniper SRX Services Gateway must use DoD-approved PKI rather than proprietary or self-signed device certificates.
JUSX-DM-000106 - The Juniper SRX Services Gateway must generate an alarm or send an alert message to the management console when a component failure is detected.
JUSX-DM-000108 - The Juniper SRX Services Gateway must be configured to prohibit the use of unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
JUSX-DM-000109 - For nonlocal maintenance sessions, the Juniper SRX Services Gateway must remove or explicitly deny the use of nonsecure protocols.
JUSX-DM-000110 - The Juniper SRX Services Gateway must authenticate NTP servers before establishing a network connection using bidirectional authentication that is cryptographically based.
JUSX-DM-000111 - If SNMP is enabled, the Juniper SRX Services Gateway must use and securely configure SNMPv3.
JUSX-DM-000112 - The Juniper SRX Services Gateway must ensure SSH is disabled for root user logon to prevent remote access using the root account.
JUSX-DM-000113 - The Juniper SRX Services Gateway must ensure access to start a UNIX-level shell is restricted to only the root account.
JUSX-DM-000114 - The Juniper SRX Services Gateway must ensure TCP forwarding is disabled for SSH to prevent unauthorized access.
JUSX-DM-000115 - The Juniper SRX Services Gateway must be configured with only one local user account to be used as the account of last resort.
JUSX-DM-000124 - The Juniper SRX Services Gateway must implement replay-resistant authentication mechanisms for network access to privileged accounts.
JUSX-DM-000128 - For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce a minimum 15-character password length.
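The items above are the checks the audit file runs against the device configuration. As an added example (this is not Tenable's audit-plugin logic and not Juniper code), the following Python script evaluates a handful of those items against two constructed `show configuration | display set` excerpts: one deliberately weak, one hardened. The Junos statement names are the standard ones; the server address, key value and banner text are placeholders, the NTP key type is left to organisational policy, and any statement that is absent is treated as a finding rather than resolved against platform defaults.

```python
"""Audit a Junos 'display set' excerpt against a few JUSX-DM STIG items.

Added example for the audit-item list above; not Tenable's or Juniper's code.
Both configurations below are constructed sample input.
"""
import re

# Constructed: a weak configuration that should fail every check implemented here.
WEAK_CONFIG = """\
set system services ssh root-login allow
set system services ssh connection-limit 32
set system services ssh tcp-forwarding
set system services telnet
set system services web-management http
set system login retry-options tries-before-disconnect 10
set system time-zone America/New_York
set system max-configuration-rollbacks 2
set system ntp server 192.0.2.10
set system authentication-order password
"""

# Constructed: the same device with the checked statements corrected.
HARDENED_CONFIG = """\
set system services ssh root-login deny
set system services ssh connection-limit 10
set system services ssh no-tcp-forwarding
set system login retry-options tries-before-disconnect 3
set system login retry-options lockout-period 15
set system login message "You are accessing a U.S. Government (USG) Information System (IS)"
set system time-zone UTC
set system max-configuration-rollbacks 5
set system ntp authentication-key 1 type md5 value "placeholder-key"
set system ntp server 192.0.2.10 key 1
set system ntp trusted-key 1
set system authentication-order radius
set system authentication-order password
"""


def parse_set_lines(text):
    """Tokenise each 'set ...' line; quoted values stay one token."""
    stmts = []
    for raw in text.splitlines():
        raw = raw.strip()
        if raw.startswith("set "):
            stmts.append(tuple(re.findall(r'"[^"]*"|\S+', raw[4:])))
    return stmts


def find(stmts, *prefix):
    """Statements beginning with `prefix`, returned with the prefix removed."""
    n = len(prefix)
    return [s[n:] for s in stmts if s[:n] == prefix]


def audit(config_text):
    """Map each implemented rule ID to True (pass) or False (finding)."""
    stmts = parse_set_lines(config_text)
    has = lambda *p: bool(find(stmts, *p))
    results = {}

    # JUSX-DM-000001: SSH concurrent sessions capped at 10 or fewer.
    lim = find(stmts, "system", "services", "ssh", "connection-limit")
    results["JUSX-DM-000001"] = bool(lim) and int(lim[0][0]) <= 10

    # JUSX-DM-000030: three failed tries, then a lockout of at least 15 minutes.
    tries = find(stmts, "system", "login", "retry-options", "tries-before-disconnect")
    lock = find(stmts, "system", "login", "retry-options", "lockout-period")
    results["JUSX-DM-000030"] = (bool(tries) and int(tries[0][0]) <= 3
                                 and bool(lock) and int(lock[0][0]) >= 15)

    # JUSX-DM-000032: a pre-login banner is configured (content not validated here).
    results["JUSX-DM-000032"] = has("system", "login", "message")

    # JUSX-DM-000065: log timestamps in UTC.
    results["JUSX-DM-000065"] = has("system", "time-zone", "UTC")

    # JUSX-DM-000087: at least five rollback configurations retained (explicit setting).
    rb = find(stmts, "system", "max-configuration-rollbacks")
    results["JUSX-DM-000087"] = bool(rb) and int(rb[0][0]) >= 5

    # JUSX-DM-000109: clear-text management services must be absent.
    results["JUSX-DM-000109"] = not (has("system", "services", "telnet")
                                     or has("system", "services", "ftp")
                                     or has("system", "services", "web-management", "http"))

    # JUSX-DM-000110: every NTP server references a key that is defined AND trusted.
    keys = {k[0] for k in find(stmts, "system", "ntp", "authentication-key")}
    trusted = {k[0] for k in find(stmts, "system", "ntp", "trusted-key")}
    servers = find(stmts, "system", "ntp", "server")
    results["JUSX-DM-000110"] = bool(servers) and all(
        "key" in s and s[s.index("key") + 1] in keys & trusted for s in servers)

    # JUSX-DM-000112: root may not log in over SSH.
    results["JUSX-DM-000112"] = has("system", "services", "ssh", "root-login", "deny")

    # JUSX-DM-000114: SSH TCP forwarding explicitly disabled.
    results["JUSX-DM-000114"] = has("system", "services", "ssh", "no-tcp-forwarding")

    return results


def failing(config_text):
    """Sorted rule IDs that produced a finding."""
    return sorted(rule for rule, ok in audit(config_text).items() if not ok)


if __name__ == "__main__":
    print("weak config findings:", failing(WEAK_CONFIG))
    print("hardened config findings:", failing(HARDENED_CONFIG))
```

The NTP check is the one worth copying: a server line with `key 1` is not enough, because Junos only authenticates the peer when the key is also listed under `trusted-key`, so the script requires all three statements to agree. Run it against real `display set` output by replacing the constructed strings with the captured text.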