STIGQter: STIG Summary: Riverbed SteelHead CX v8 ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 30 Nov 2015:

If TLS WAN optimization is used, Riverbed Optimization System (RiOS) providing SSL Optimization must protect private keys ensuring that they stay in the data center by ensuring end-to-end security.

DISA Rule

SV-77305r1_rule

Vulnerability Number

V-62815

Group Title

SRG-NET-000062-ALG-000011

Rule Version

RICX-AG-000038

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Configure RiOS providing TLS optimization services to provide end-to-end security and protection for private keys.

Navigate to the device Management Console.
Navigate to Configure >> Optimization >> SSL Main Settings.
Navigate to SSL Server Certificates.
Select "Add a New SSL Certificate".
Select "Import Existing Private Key and CA-Signed Public Key".
Select "Local File".

Navigate to the certificate location on the management workstation and select the certificate for import.

Click "Add".
Navigate to "Enable SSL Optimization" and check the box.
Click "Apply".

Navigate to the top of the web page and click "Save" to save these setting permanently.

Check Contents

Verify that RiOS providing TLS optimization services is configured to ensure end-to-end security and protect private keys from unauthorized access.

Navigate to the device Management Console.
Navigate to Configure >> Optimization >> SSL Main Settings.
Verify that "Enable SSL Optimization" is checked.
Verify that "SSL Server Certificates:" contains the certificates for SSL services that the organization wants to optimize.

If "Enable SSL Optimization" is not checked or there are no "SSL Sever Certificates", this is a finding.

Vulnerability Number

V-62815

Documentable

False

Rule Version

RICX-AG-000038

Severity Override Guidance

Verify that RiOS providing TLS optimization services is configured to ensure end-to-end security and protect private keys from unauthorized access.

Navigate to the device Management Console.
Navigate to Configure >> Optimization >> SSL Main Settings.
Verify that "Enable SSL Optimization" is checked.
Verify that "SSL Server Certificates:" contains the certificates for SSL services that the organization wants to optimize.

If "Enable SSL Optimization" is not checked or there are no "SSL Sever Certificates", this is a finding.

Check Content Reference

M

Target Key

2929

Comments