STIGQter STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: Symantec ProxySG providing reverse proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services.

DISA Rule

SV-104263r1_rule

Vulnerability Number

V-94309

Group Title

SRG-NET-000510-ALG-000111

Rule Version

SYMP-AG-000480

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure TLS reverse proxy intermediary services to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service configured, click "Edit Service" and select only NIST FIPS-validated SSL protocols. Click "Apply".
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "attribute" followed by a list of the desired NIST FIPS-validated cipher suites.

See the Blue Coat Reverse Proxy WebGuide for more information.

Check Contents

Verify that TLS reverse proxy intermediary services are configured to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service identified by the administrator, click "Edit Service" and Verify that only NIST FIPS-validated SSL protocols are enabled.
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "view" and verify that only NIST FIPS-validated cipher suites are listed.

See the Blue Coat Reverse Proxy WebGuide for more information.

If Symantec ProxySG providing reverse proxy encryption intermediary services does not use NIST FIPS-validated cryptography to implement encryption services, this is a finding.

Vulnerability Number

V-94309

Documentable

False

Rule Version

SYMP-AG-000480

Severity Override Guidance

Verify that TLS reverse proxy intermediary services are configured to comply with NIST FIPS-validated cryptography.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. For each reverse proxy service identified by the administrator, click "Edit Service" and Verify that only NIST FIPS-validated SSL protocols are enabled.
5. Log on to the ProxySG SSH CLI.
6. Type "enable" and enter the enable password.
7. Type "configure" and press "Enter".
8. Type "proxy-services" and press "Enter".
9. For each reverse proxy service identified by the administrator, type "edit <reverse proxy service name".
10. Type "view" and verify that only NIST FIPS-validated cipher suites are listed.

See the Blue Coat Reverse Proxy WebGuide for more information.

If Symantec ProxySG providing reverse proxy encryption intermediary services does not use NIST FIPS-validated cryptography to implement encryption services, this is a finding.

Check Content Reference

M

Target Key

3515

Comments