STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Juniper SRX Services Gateway must detect the addition of components and issue a priority 1 alert to the ISSM and SA, at a minimum.

DISA Rule

SV-229027r518259_rule

Vulnerability Number

V-229027

Group Title

SRG-APP-000516-NDM-000317

Rule Version

JUSX-DM-000099

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000372 - The organization employs automated mechanisms to centrally verify configuration settings for organization-defined information system components.

Weight

10

Fix Recommendation

Update the SNMP configuration with the following device trap settings. This is an example method. Alerts must be sent immediately to the designated individuals (e.g., via Syslog configuration, SNMP trap, manned console message, or other events monitoring system).

set snmp v3 notify-filter device-traps oid jnxChassisTraps include
set snmp v3 notify-filter device-traps oid jnxChassisOKTraps include
set snmp v3 notify-filter device-traps oid system include
set snmp v3 notify-filter device-traps oid .1 include
set snmp v3 notify-filter device-traps oid

Check Contents

Verify SNMP is configured to capture chassis and device traps. If Syslog or a console method is used, verify that method instead.

[edit]
show snmp v3

If an immediate alert is not sent via SNMPv3 or another method, this is a finding.

Vulnerability Number

V-229027

Documentable

False

Rule Version

JUSX-DM-000099

Severity Override Guidance

Verify SNMP is configured to capture chassis and device traps. If Syslog or a console method is used, verify that method instead.

[edit]
show snmp v3

If an immediate alert is not sent via SNMPv3 or another method, this is a finding.

Check Content Reference

M

Target Key

4098

Comments