STIGQter STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019: Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally verify authentication settings.

DISA Rule

SV-77437r1_rule

Vulnerability Number

V-62947

Group Title

SRG-APP-000516-NDM-000338

Rule Version

RICX-DM-000094

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure RiOS to employ automated mechanisms to centrally verify authentication settings.

Navigate to the device Management Console

Navigate to Configure >> Security >> TACACS+
Click "Add a TACACS+ Server"
Set "Hostname or IP Address" to the hostname or IP address of the TACACS+ server
Set "Enabled"
Click "Add"
Click "Set a Global Default Key"
Set the value of "Global Key" to the required value
Set the value of "Confirm Global Key" to the required value
Click "Apply"

Navigate to the top of the web page and click "Save" to save these settings permanently

-- or --

Navigate to Configure >> Security >> RADIUS
Click "Add a RADIUS Server"
Set "Hostname or IP Address" to the hostname or IP address of the RADIUS server
Set the value of "Authentication Port" to the appropriate value
Set the value of "Authentication Type" to "CHAP"
Set "Enabled"
Click "Add"
Click "Set a Global Default Key"
Set the value of "Global Key" to the required value
Set the value of "Confirm Global Key" to the required value
Click "Apply"

Navigate to the top of the web page and click "Save" to save these settings permanently

Check Contents

Verify that RiOS is configured to employ automated mechanisms to centrally verify authentication settings.

Navigate to the device Management Console
Navigate to Configure >> Security >> TACACS+
Verify that "TACACS+ Servers" has at least one server defined

-- or --

Navigate to Configure >> Security >> RADIUS
Verify that "RADIUS Servers" has at least one server defined

If no servers exist in "TACACS+ Servers" or "RADIUS Servers", this is a finding.

Vulnerability Number

V-62947

Documentable

False

Rule Version

RICX-DM-000094

Severity Override Guidance

Verify that RiOS is configured to employ automated mechanisms to centrally verify authentication settings.

Navigate to the device Management Console
Navigate to Configure >> Security >> TACACS+
Verify that "TACACS+ Servers" has at least one server defined

-- or --

Navigate to Configure >> Security >> RADIUS
Verify that "RADIUS Servers" has at least one server defined

If no servers exist in "TACACS+ Servers" or "RADIUS Servers", this is a finding.

Check Content Reference

M

Target Key

2931

Comments