STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Juniper SRX Services Gateway must be configured to synchronize internal information system clocks with the primary and secondary NTP servers for the network.

DISA Rule

SV-223205r513304_rule

Vulnerability Number

V-223205

Group Title

SRG-APP-000373-NDM-000298

Rule Version

JUSX-DM-000094

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001893 - The information system identifies a secondary authoritative time source that is located in a different geographic region than the primary authoritative time source.

Weight

10

Fix Recommendation

The following commands allow the device to keep time synchronized with the network. To designate a primary NTP server, add the “prefer” keyword to the server statement.

[edit]
set system ntp server <NTP-server1-IP> prefer
set system ntp source-address <MGT-IP-Address>
set system ntp server <NTP-server2-IP>
set system ntp source-address <MGT-IP-Address>

Check Contents

Verify the Juniper SRX is configured to synchronize internal information system clocks with the primary and secondary NTP sources.

[edit]
show system ntp

If the Juniper SRX is not configured to synchronize internal information system clocks with an NTP server, this is a finding.

Vulnerability Number

V-223205

Documentable

False

Rule Version

JUSX-DM-000094

Severity Override Guidance

Verify the Juniper SRX is configured to synchronize internal information system clocks with the primary and secondary NTP sources.

[edit]
show system ntp

If the Juniper SRX is not configured to synchronize internal information system clocks with an NTP server, this is a finding.

Check Content Reference

M

Target Key

4098

Comments