PANW-NM-000015 - The Palo Alto Networks security platform must enforce the limit of three consecutive invalid logon attempts.

800-53|AC-7a.

CAT|II

CCI|CCI-000044

Rule-ID|SV-228639r960840_rule

STIG-ID|PANW-NM-000015

STIG-Legacy|SV-77195

STIG-Legacy|V-62705

Vuln-ID|V-228639

PANW-NM-000016 - The Palo Alto Networks security platform must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

800-53|AC-8a.

CAT|III

CCI|CCI-000048

Rule-ID|SV-228640r960843_rule

STIG-ID|PANW-NM-000016

STIG-Legacy|SV-77197

STIG-Legacy|V-62707

Vuln-ID|V-228640

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - Configuration Logs 'CRITICAL'

800-53|AU-12c.

CCI|CCI-000172

Rule-ID|SV-228642r960885_rule

STIG-ID|PANW-NM-000024

STIG-Legacy|SV-77201

STIG-Legacy|V-62711

Vuln-ID|V-228642

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - Configuration Logs 'HIGH'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - Configuration Logs 'INFORMATIONAL'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - Configuration Logs 'LOW'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - Configuration Logs 'MEDIUM'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - System Logs 'CRITICAL'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - System Logs 'HIGH'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - System Logs 'INFORMATIONAL'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - System Logs 'LOW'

PANW-NM-000024 - The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur - System Logs 'MEDIUM'

PANW-NM-000029 - The Palo Alto Networks security platform must produce audit log records containing information (FQDN, unique hostname, management IP address) to establish the source of events - 'Hostname'

800-53|AU-3

CCI|CCI-000133

Rule-ID|SV-228643r960900_rule

STIG-ID|PANW-NM-000029

STIG-Legacy|SV-77203

STIG-Legacy|V-62713

Vuln-ID|V-228643

PANW-NM-000029 - The Palo Alto Networks security platform must produce audit log records containing information (FQDN, unique hostname, management IP address) to establish the source of events - 'Send Hostname in Syslog'

PANW-NM-000046 - The Palo Alto Networks security platform must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

800-53|CM-7b.

CCI|CCI-000382

Rule-ID|SV-228645r960966_rule

STIG-ID|PANW-NM-000046

STIG-Legacy|SV-77207

STIG-Legacy|V-62717

Vuln-ID|V-228645

PANW-NM-000047 - The Palo Alto Networks security platform must uniquely identify and authenticate organizational administrators (or processes acting on behalf of organizational administrators).

800-53|CM-6b.

800-53|IA-2

CCI|CCI-000366

CCI|CCI-000764

Rule-ID|SV-228646r961863_rule

STIG-ID|PANW-NM-000047

STIG-Legacy|SV-77209

STIG-Legacy|V-62719

Vuln-ID|V-228646

PANW-NM-000051 - The Palo Alto Networks security platform must implement replay-resistant authentication mechanisms for network access to privileged accounts.

800-53|IA-2(8)

CCI|CCI-001941

Rule-ID|SV-228647r960993_rule

STIG-ID|PANW-NM-000051

STIG-Legacy|SV-77211

STIG-Legacy|V-62721

Vuln-ID|V-228647

PANW-NM-000053 - If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce a minimum 15-character password length.

800-53|IA-5(1)(a)

CCI|CCI-004066

Rule-ID|SV-228648r997657_rule

STIG-ID|PANW-NM-000053

STIG-Legacy|SV-77213

STIG-Legacy|V-62723

Vuln-ID|V-228648

PANW-NM-000055 - If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one uppercase character be used.

Rule-ID|SV-228650r997660_rule

STIG-ID|PANW-NM-000055

STIG-Legacy|SV-77217

STIG-Legacy|V-62727

Vuln-ID|V-228650

PANW-NM-000056 - If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one lowercase character be used.

Rule-ID|SV-228651r997663_rule

STIG-ID|PANW-NM-000056

STIG-Legacy|SV-77219

STIG-Legacy|V-62729

Vuln-ID|V-228651

PANW-NM-000057 - If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one numeric character be used.

Rule-ID|SV-228652r997666_rule

STIG-ID|PANW-NM-000057

STIG-Legacy|SV-77221

STIG-Legacy|V-62731

Vuln-ID|V-228652

PANW-NM-000058 - If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one special character be used.

Rule-ID|SV-228653r997669_rule

STIG-ID|PANW-NM-000058

STIG-Legacy|SV-77223

STIG-Legacy|V-62733

Vuln-ID|V-228653

PANW-NM-000059 - If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must require that when a password is changed, the characters are changed in at least 8 of the positions within the password.

Rule-ID|SV-228654r997672_rule

STIG-ID|PANW-NM-000059

STIG-Legacy|SV-77225

STIG-Legacy|V-62735

Vuln-ID|V-228654

PANW-NM-000061 - The Palo Alto Networks security platform must prohibit the use of unencrypted protocols for network access to privileged accounts.

800-53|IA-5(1)(c)

CCI|CCI-000197

Rule-ID|SV-228655r961029_rule

STIG-ID|PANW-NM-000061

STIG-Legacy|SV-77227

STIG-Legacy|V-62737

Vuln-ID|V-228655

PANW-NM-000069 - The Palo Alto Networks security platform must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

800-53|SC-10

CAT|I

CCI|CCI-001133

Rule-ID|SV-228658r961068_rule

STIG-ID|PANW-NM-000069

STIG-Legacy|SV-77233

STIG-Legacy|V-62743

Vuln-ID|V-228658

PANW-NM-000075 - Administrators in the role of Security Administrator,  Cryptographic Administrator, or Audit Administrator must not also have the role of Audit Administrator.

800-53|SI-11b.

CCI|CCI-001314

Rule-ID|SV-228659r961863_rule

STIG-ID|PANW-NM-000075

STIG-Legacy|SV-77235

STIG-Legacy|V-62745

Vuln-ID|V-228659

PANW-NM-000092 - The Palo Alto Networks security platform must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

800-53|AC-7b.

CCI|CCI-002238

Rule-ID|SV-228660r961863_rule

STIG-ID|PANW-NM-000092

STIG-Legacy|SV-77237

STIG-Legacy|V-62747

Vuln-ID|V-228660

PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

800-53|AU-5(1)

CCI|CCI-001855

Rule-ID|SV-228661r961863_rule

STIG-ID|PANW-NM-000096

STIG-Legacy|SV-77239

STIG-Legacy|V-62749

Vuln-ID|V-228661

PANW-NM-000097 - The Palo Alto Networks security platform must have alarms enabled.

800-53|AU-5(2)

CCI|CCI-001858

CCI|CCI-003831

Rule-ID|SV-228662r997675_rule

STIG-ID|PANW-NM-000097

STIG-Legacy|SV-77241

STIG-Legacy|V-62751

Vuln-ID|V-228662

PANW-NM-000098 - The Palo Alto Networks security platform must compare internal information system clocks at least every 24 hours with an authoritative time server.

CCI|CCI-004923

Rule-ID|SV-228663r997678_rule

STIG-ID|PANW-NM-000098

STIG-Legacy|SV-77243

STIG-Legacy|V-62753

Vuln-ID|V-228663

PANW-NM-000099 - The Palo Alto Networks security platform must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.

CCI|CCI-004926

Rule-ID|SV-228664r997681_rule

STIG-ID|PANW-NM-000099

STIG-Legacy|SV-77245

STIG-Legacy|V-62755

Vuln-ID|V-228664

PANW-NM-000100 - The Palo Alto Networks security platform must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.

CCI|CCI-004922

CCI|CCI-004928

Rule-ID|SV-228665r997684_rule

STIG-ID|PANW-NM-000100

STIG-Legacy|SV-77247

STIG-Legacy|V-62757

Vuln-ID|V-228665

PANW-NM-000101 - The Palo Alto Networks security platform must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

800-53|AU-8b.

CCI|CCI-001890

Rule-ID|SV-228666r961443_rule

STIG-ID|PANW-NM-000101

STIG-Legacy|SV-77249

STIG-Legacy|V-62759

Vuln-ID|V-228666

PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - 'Certificate Profile'

800-53|IA-2(12)

CCI|CCI-001953

CCI|CCI-004068

Rule-ID|SV-228667r997687_rule

STIG-ID|PANW-NM-000110

STIG-Legacy|SV-77251

STIG-Legacy|V-62761

Vuln-ID|V-228667

PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - 'DOD CA certificates'

PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - 'Use OCSP'

PANW-NM-000117 - The Palo Alto Networks security platform must only allow the use of secure protocols that implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications for nonlocal maintenance sessions.

800-53|MA-4(6)

Detections

Analytics

DISA STIG Palo Alto NDM v3r1

Audit Details

File Details

Audit Changelog

No revisions found