STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access.

DISA Rule

SV-104239r2_rule

Vulnerability Number

V-94285

Group Title

SRG-NET-000339-ALG-000090

Rule Version

SYMP-AG-000350

Severity

CAT II

CCI(s)

• CCI-001951 - The information system implements multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Weight

10

Fix Recommendation

Configure an approved method of multifactor authentication (such as CAC certificate authentication).

1. Log on to the Web Management Console.
2. Browse to Configuration >> Authentication.
3. Configure at least one multifactor method (such as CAC certificate authentication) per the ProxySG Administration Guide (CAC Certificate authentication configuration is covered in Chapter 52: Certificate Realm Authentication and Chapter 58: LDAP Realm Authentication).

Check Contents

Multiple methods of multifactor authentication are supported. Verify that an approved method is configured (such as CAC certificate authentication).

1. Log on to the Web Management Console.
2. Browse to Configuration >> Authentication.
3. Click each of the above authentication mechanisms and Verify that at least one approved multifactor authentication method is configured per the ProxySG Administration Guide (CAC Certificate authentication configuration is covered in Chapter 52: Certificate Realm Authentication and Chapter 58: LDAP Realm Authentication).

If Symantec ProxySG providing user authentication intermediary services does not implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Vulnerability Number

V-94285

Documentable

False

Rule Version

SYMP-AG-000350

Severity Override Guidance

Multiple methods of multifactor authentication are supported. Verify that an approved method is configured (such as CAC certificate authentication).

1. Log on to the Web Management Console.
2. Browse to Configuration >> Authentication.
3. Click each of the above authentication mechanisms and Verify that at least one approved multifactor authentication method is configured per the ProxySG Administration Guide (CAC Certificate authentication configuration is covered in Chapter 52: Certificate Realm Authentication and Chapter 58: LDAP Realm Authentication).

If Symantec ProxySG providing user authentication intermediary services does not implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Check Content Reference

M

Target Key

3515

Comments