JUSX-AG-000019 - For User Role Firewalls, the Juniper SRX Services Gateway Firewall must employ user attribute-based security policies to enforce approved authorizations for logical access to information and system resources. | ACCESS CONTROL |
JUSX-AG-000036 - The Juniper SRX Services Gateway must generate log records when firewall filters, security screens and security policies are invoked and the traffic is denied or restricted. | AUDIT AND ACCOUNTABILITY |
JUSX-AG-000037 - The Juniper SRX Services Gateway Firewall must generate audit records when unsuccessful attempts to access security zones occur. | AUDIT AND ACCOUNTABILITY |
JUSX-AG-000057 - The Juniper SRX Services Gateway Firewall must be configured to support centralized management and configuration of the audit log. | AUDIT AND ACCOUNTABILITY |
JUSX-AG-000063 - In the event that communications with the Syslog server is lost, the Juniper SRX Services Gateway must continue to queue traffic log records locally. | AUDIT AND ACCOUNTABILITY |
JUSX-AG-000083 - The Juniper SRX Services Gateway Firewall must disable or remove unnecessary network services and functions that are not used as part of its role in the architecture. | CONFIGURATION MANAGEMENT |
JUSX-AG-000084 - The Juniper SRX Services Gateway Firewall must not be configured as an NTP server since providing this network service is unrelated to the role as a firewall. | CONFIGURATION MANAGEMENT |
JUSX-AG-000085 - The Juniper SRX Services Gateway Firewall must not be configured as a DNS proxy since providing this network service is unrelated to the role as a Firewall. | CONFIGURATION MANAGEMENT |
JUSX-AG-000086 - The Juniper SRX Services Gateway Firewall must not be configured as a DHCP server since providing this network service is unrelated to the role as a Firewall. | CONFIGURATION MANAGEMENT |
JUSX-AG-000087 - The Juniper SRX Services Gateway Firewall must be configured to prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services, as defined in the PPSM CAL, vulnerability assessments. | CONFIGURATION MANAGEMENT |
JUSX-AG-000105 - The Juniper SRX Services Gateway Firewall must terminate all communications sessions associated with user traffic after 15 minutes or less of inactivity. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000120 - The Juniper SRX Services Gateway Firewall providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by implementing statistics-based screens. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000121 - The Juniper SRX Services Gateway Firewall must implement load balancing on the perimeter firewall, at a minimum, to limit the effects of known and unknown types of denial-of-service (DoS) attacks on the network. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000122 - The Juniper SRX Services Gateway Firewall must protect against known types of denial-of-service (DoS) attacks by implementing signature-based screens. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000124 - The Juniper SRX Services Gateway Firewall must block outbound traffic containing known and unknown denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000126 - The Juniper SRX Services Gateway Firewall must only allow inbound communications from organization-defined authorized sources routed to organization-defined authorized destinations. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000127 - The Juniper SRX Services Gateway Firewall must be configured to fail securely in the event of an operational failure of the firewall filtering or boundary protection function. | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000128 - The Juniper SRX Services Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | SYSTEM AND COMMUNICATIONS PROTECTION |
JUSX-AG-000132 - The Juniper SRX Services Gateway Firewall must configure ICMP to meet DoD requirements. | SYSTEM AND INFORMATION INTEGRITY |
JUSX-AG-000144 - The Juniper SRX Services Gateway Firewall must continuously monitor all inbound communications traffic for unusual/unauthorized activities or conditions. | SYSTEM AND INFORMATION INTEGRITY |
JUSX-AG-000145 - The Juniper SRX Services Gateway Firewall must continuously monitor outbound communications traffic for unusual/unauthorized activities or conditions. | SYSTEM AND INFORMATION INTEGRITY |
JUSX-AG-000146 - The Juniper SRX Services Gateway Firewall must generate an alert to, at a minimum, the ISSO and ISSM when unusual/unauthorized activities or conditions are detected during continuous monitoring of communications traffic as it traverses inbound or outbound across internal security boundaries. | SYSTEM AND INFORMATION INTEGRITY |
JUSX-AG-000147 - The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources are detected. | SYSTEM AND INFORMATION INTEGRITY |
JUSX-AG-000150 - The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | SYSTEM AND INFORMATION INTEGRITY |