STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions.

DISA Rule

SV-104265r1_rule

Vulnerability Number

V-94311

Group Title

SRG-NET-000230-ALG-000113

Rule Version

SYMP-AG-000490

Severity

CAT I

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Configure the ProxySG to use only FIPS-compliant HMAC algorithms.

1. Log on to the ProxySG SSH CLI.
2. Type "enable" and enter the enable password.
3. Type "configure terminal" and press "Enter".
4. Type "management-services" and press "Enter". Type "edit HTTPS-Console" and press "Enter".
5. Type "view" to display the list of configured cipher suites.
6. Type "attribute cipher-suite" followed by a space-delimited list of only cipher suites from step 5 that use FIPS-compliant HMAC algorithms and press "Enter".

Check Contents

Verify that only FIPS-compliant HMAC algorithms are in use.

1. Log on to the ProxySG CLI via SSH.
2. Type "show management services".
3. Verify the "Cipher Suite" attribute lists only cipher suites that use FIPS-compliant HMAC algorithms.

If any cipher suites are listed that use non-FIPS-compliant HMAC algorithms, this is a finding.

Vulnerability Number

V-94311

Documentable

False

Rule Version

SYMP-AG-000490

Severity Override Guidance

Verify that only FIPS-compliant HMAC algorithms are in use.

1. Log on to the ProxySG CLI via SSH.
2. Type "show management services".
3. Verify the "Cipher Suite" attribute lists only cipher suites that use FIPS-compliant HMAC algorithms.

If any cipher suites are listed that use non-FIPS-compliant HMAC algorithms, this is a finding.

Check Content Reference

M

Target Key

3515

Comments