STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG must implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies.

DISA Rule

SV-104181r1_rule

Vulnerability Number

V-94227

Group Title

SRG-NET-000015-ALG-000016

Rule Version

SYMP-AG-000060

Severity

CAT I

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Obtain the SSP with the site's security policy. Configure the ProxySG to enforce approved authorizations by employing identity-based, role-based, and/or attribute-based authorization for access to proxied websites.

1. Log on to the web Management Console.
2. Click Configuration >> Visual Policy Manager.
3. Click "Launch".
4. For each Web Access Layer that is configured, right-click the "Source" of each column and click "Set".
5. Select the users, groups, roles, and attributes as required by the site's security policy.
6. Click File >> Install Policy on SG Appliance.

Check Contents

Obtain the SSP with the site's security policy. Verify that identity-based, role-based, and/or attribute-based authorization is configured for access to proxied websites. Verify that security policies and rules are configured and applied.

1. Log on to the Web Management Console.
2. Click Configuration >> Visual Policy Manager.
3. Click "Launch".
4. For each rule within each Web Access Layer, verify that the "Source" column for each rule contains something other than "any" (any is the default value). Verify that rules comply with the site's security policy.

If Symantec ProxySG does not implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies, this is a finding.

Vulnerability Number

V-94227

Documentable

False

Rule Version

SYMP-AG-000060

Severity Override Guidance

Obtain the SSP with the site's security policy. Verify that identity-based, role-based, and/or attribute-based authorization is configured for access to proxied websites. Verify that security policies and rules are configured and applied.

1. Log on to the Web Management Console.
2. Click Configuration >> Visual Policy Manager.
3. Click "Launch".
4. For each rule within each Web Access Layer, verify that the "Source" column for each rule contains something other than "any" (any is the default value). Verify that rules comply with the site's security policy.

If Symantec ProxySG does not implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies, this is a finding.

Check Content Reference

M

Target Key

3515

Comments