Detections
Analytics

DISA Symantec ProxySG Benchmark ALG v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Symantec ProxySG Benchmark ALG v1r1

Updated: 1/20/2021

Authority: DISA STIG

Plugin: BlueCoat

Revision: 1.3

Estimated Item Count: 97

File Details

Filename: DISA_STIG_Symantec_ProxySG_ALG_v1r1.audit

Size: 240 kB

MD5: 7bc5363179ec4b5d5c9332b1a82402ec
SHA256: 1bc3d92ea29de5068ae4f1de1d7ec63968cdec1c29ba5450b275c7c95a5ca3c6

Audit Items

DescriptionCategories
SYMP-AG-000010 - If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured.

CONFIGURATION MANAGEMENT

SYMP-AG-000020 - Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies.

CONFIGURATION MANAGEMENT

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52. - client.connection.negotiated_cipher

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52. - client.connection.negotiated_ssl_version

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52. - server.connection.negotiated_cipher

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52. - server.connection.negotiated_ssl_version

ACCESS CONTROL

SYMP-AG-000040 - Symantec ProxySG providing reverse proxy intermediary services for TLS must be configured to version 1.1 or higher with an approved cipher suite.

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000050 - Symantec ProxySG storing secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys.

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000060 - Symantec ProxySG must implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies.

CONFIGURATION MANAGEMENT

SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. - SSL

CONFIGURATION MANAGEMENT

SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. - Web Access

CONFIGURATION MANAGEMENT

SYMP-AG-000080 - Symantec ProxySG must enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

CONFIGURATION MANAGEMENT

SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules. - SSL

CONFIGURATION MANAGEMENT

SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules. - Web Access

CONFIGURATION MANAGEMENT

SYMP-AG-000100 - Symantec ProxySG providing user access control intermediary services must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the network.

CONFIGURATION MANAGEMENT

SYMP-AG-000110 - Symantec ProxySG providing user access control intermediary services for publicly accessible applications must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

CONFIGURATION MANAGEMENT

SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur. - enabled

AUDIT AND ACCOUNTABILITY

SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur. - policy rules

CONFIGURATION MANAGEMENT

SYMP-AG-000130 - Symantec ProxySG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.

CONFIGURATION MANAGEMENT

SYMP-AG-000140 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to access web resources occur.

CONFIGURATION MANAGEMENT

SYMP-AG-000150 - Symantec ProxySG must produce audit records containing information to establish what type of events occurred.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000160 - Symantec ProxySG must produce audit records containing information to establish when (date and time) the events occurred.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000170 - Symantec ProxySG must produce audit records containing information to establish where the events occurred.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000180 - Symantec ProxySG must produce audit records containing information to establish the source of the events.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000190 - Symantec ProxySG must produce audit records containing information to establish the outcome of the events.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000200 - Symantec ProxySG must generate audit records containing information to establish the identity of any individual or process associated with the event.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000210 - Symantec ProxySG must use a centralized log server.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously.

AUDIT AND ACCOUNTABILITY

SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server. - Enabled
SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server. - From

CONFIGURATION MANAGEMENT

SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server. - Server

CONFIGURATION MANAGEMENT

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies. - Policy Rules

CONFIGURATION MANAGEMENT

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies. - Review Proxies

CONFIGURATION MANAGEMENT

SYMP-AG-000250 - Symantec ProxySG providing intermediary services for FTP must inspect outbound FTP communications traffic for protocol compliance and protocol anomalies.

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies. - Explicit

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies. - External

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies. - Internal

CONFIGURATION MANAGEMENT

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies. - Explicit

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies. - External

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies. - Internal

CONFIGURATION MANAGEMENT

SYMP-AG-000280 - Symantec ProxySG must not have unnecessary services and functions enabled.
SYMP-AG-000290 - Symantec ProxySG must be configured to remove or disable unrelated or unneeded application proxy services.

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. - coreid

ACCESS CONTROL

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. - iwa

ACCESS CONTROL

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. - LDAP

ACCESS CONTROL

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. - RADIUS

ACCESS CONTROL

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. - siteminder

ACCESS CONTROL

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. - xml

ACCESS CONTROL

SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication. -RADIUS