STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must generate unique session identifiers using a FIPS 140-2 approved random number generator.

DISA Rule

SV-202077r397735_rule

Vulnerability Number

V-202077

Group Title

SRG-APP-000224

Rule Version

SRG-APP-000224-NDM-000270

Severity

CAT II

CCI(s)

CCI-001188 - The information system generates unique session identifiers for each session with organization-defined randomness requirements.

Weight

Fix Recommendation

Configure the network device to generate unique session identifiers using a FIPS 140-2 approved random number generator.

Check Contents

If the network device uses a web interface for device management, determine if it generates unique session identifiers using a FIPS 140-2 approved random number generator. This requirement may be verified by validated NIST certification and vendor documentation. If the network device does not use unique session identifiers for its web interface for device management, this is a finding.

The network device must generate unique session identifiers using a FIPS 140-2 approved random number generator.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments