Juniper SRX SG NDM STIG

Juniper SRX SG NDM Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| JUSX-DM-000018 | V-223184 | For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events. | Cat II | |
| JUSX-DM-000105 | V-223207 | The Juniper SRX Services Gateway must use DoD-approved PKI rather than proprietary or self-signed device certificates. | Cat II | |
| JUSX-DM-000106 | V-229028 | The Juniper SRX Services Gateway must generate an alarm or send an alert message to the management console when a component failure is detected. | Cat II | |
| JUSX-DM-000038 | V-66475 | The Juniper SRX Services Gateway must enable log record generation for DoD-defined auditable events within the Juniper SRX Services Gateway. | Cat II | |
| JUSX-DM-000007 | V-229014 | The Juniper SRX Services Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect. | Cat II | |
| JUSX-DM-000128 | V-223217 | For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce a minimum 15-character password length. | Cat II | |
| JUSX-DM-000150 | V-223227 | For nonlocal maintenance sessions using SSH, the Juniper SRX Services Gateway must securely configure SSHv2 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions. | Cat II | |
| JUSX-DM-000055 | V-223197 | The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands. | Cat III | |
| JUSX-DM-000044 | V-223195 | The Juniper SRX Services Gateway must generate log records when privileged commands are executed. | Cat III | |
| JUSX-DM-000153 | V-223229 | The Juniper SRX Services Gateway must immediately terminate SSH network connections when the user logs off, the session abnormally terminates, or an upstream link from the managed device goes down. | Cat II | |
| JUSX-DM-000154 | V-223230 | The Juniper SRX Services Gateway must terminate the console session when the serial cable connected to the console port is unplugged. | Cat III | |
| JUSX-DM-000114 | V-223214 | The Juniper SRX Services Gateway must ensure TCP forwarding is disabled for SSH to prevent unauthorized access. | Cat II | |
| JUSX-DM-000094 | V-223205 | The Juniper SRX Services Gateway must be configured to synchronize internal information system clocks with the primary and secondary NTP servers for the network. | Cat II | |
| JUSX-DM-000097 | V-229025 | The Juniper SRX Services Gateway must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management. | Cat I | |
| JUSX-DM-000040 | V-223191 | The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur. | Cat III | |
