Checked | Name | Title |
---|---|---|
☐ | SV-79465r1_rule | The DBN-6300 must provide automated support for account management functions. |
☐ | SV-79473r1_rule | The DBN-6300 must automatically audit account creation. |
☐ | SV-79475r1_rule | The DBN-6300 must automatically audit account modification. |
☐ | SV-79477r1_rule | The DBN-6300 must be compliant with at least one IETF Internet standard authentication protocol. |
☐ | SV-79479r1_rule | The DBN-6300 must automatically audit account removal actions. |
☐ | SV-79481r1_rule | The DBN-6300 must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. |
☐ | SV-79483r1_rule | The DBN-6300 must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
☐ | SV-79485r1_rule | The DBN-6300 must generate audit log events for a locally developed list of auditable events. |
☐ | SV-79487r1_rule | The DBN-6300 must provide audit record generation capability for DoD-defined auditable events within the DBN-6300. |
☐ | SV-91623r1_rule | The DBN-6300 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the audit log. |
☐ | SV-91625r1_rule | The DBN-6300 must generate log records when successful attempts to access privileges occur. |
☐ | SV-91627r1_rule | The DBN-6300 must initiate session auditing upon startup. |
☐ | SV-91629r1_rule | The DBN-6300 must produce audit log records containing sufficient information to establish what type of event occurred. |
☐ | SV-91631r1_rule | The DBN-6300 must produce audit records containing information to establish when (date and time) the events occurred. |
☐ | SV-91633r1_rule | The DBN-6300 must produce audit records containing information to establish where the events occurred. |
☐ | SV-91635r1_rule | The DBN-6300 must produce audit log records containing information to establish the source of events. |
☐ | SV-91637r1_rule | The DBN-6300 must produce audit records that contain information to establish the outcome of the event. |
☐ | SV-91639r1_rule | The DBN-6300 must generate audit records containing information that establishes the identity of any individual or process associated with the event. |
☐ | SV-91641r1_rule | The DBN-6300 must generate audit records containing the full-text recording of privileged commands. |
☐ | SV-91643r1_rule | The DBN-6300 must use internal system clocks to generate time stamps for audit records. |
☐ | SV-91645r1_rule | The DBN-6300 must back up audit records at least every seven days onto a different system or system component than the system or component being audited. |
☐ | SV-91647r1_rule | The DBN-6300 must uniquely identify and authenticate organizational administrators (or processes acting on behalf of organizational administrators). |
☐ | SV-91649r1_rule | The DBN-6300 must use multifactor authentication for network access (remote and nonlocal) to privileged accounts. |
☐ | SV-91651r1_rule | The DBN-6300 must use multifactor authentication for local access to privileged accounts. |
☐ | SV-91653r1_rule | The DBN-6300 must implement replay-resistant authentication mechanisms for network access to privileged accounts. |
☐ | SV-91655r1_rule | The DBN-6300 must enforce a minimum 15-character password length. |
☐ | SV-91657r1_rule | The DBN-6300 must prohibit password reuse for a minimum of five generations. |
☐ | SV-91659r1_rule | If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one upper-case character be used. |
☐ | SV-91661r1_rule | If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one lower-case character be used. |
☐ | SV-91663r1_rule | If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one numeric character be used. |
☐ | SV-91665r1_rule | If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one special character be used. |
☐ | SV-91667r1_rule | The DBN-6300 must enforce 24 hours/1 day as the minimum password lifetime. |
☐ | SV-91669r1_rule | The DBN-6300 must enforce a 60-day maximum password lifetime restriction. |
☐ | SV-91671r1_rule | The DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. |
☐ | SV-91673r1_rule | The DBN-6300 must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). |
☐ | SV-91675r1_rule | The DBN-6300 must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected. |
☐ | SV-91677r1_rule | The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect. |
☐ | SV-91679r1_rule | The DBN-6300 must automatically audit account enabling actions. |
☐ | SV-91681r1_rule | The DBN-6300 must audit the execution of privileged functions. |
☐ | SV-91683r1_rule | The DBN-6300 must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near real time. |
☐ | SV-91685r1_rule | The DBN-6300 must compare internal information system clocks at least every 24 hours with an authoritative time server. |
☐ | SV-91687r1_rule | The DBN-6300 must synchronize its internal system clock to the NTP server when the time difference is greater than one second. |
☐ | SV-91689r1_rule | The DBN-6300 must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC). |
☐ | SV-91691r1_rule | The DBN-6300 must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. |
☐ | SV-91693r1_rule | The DBN-6300 must audit the enforcement actions used to restrict access associated with changes to the device. |
☐ | SV-91695r1_rule | Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
☐ | SV-91697r1_rule | Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |
☐ | SV-91699r1_rule | The DBN-6300 must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. |
☐ | SV-91701r1_rule | The DBN-6300 must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. |
☐ | SV-91703r1_rule | The DBN-6300 must generate audit records when successful/unsuccessful logon attempts occur. |
☐ | SV-91705r1_rule | The DBN-6300 must generate audit records for privileged activities or other system-level access. |
☐ | SV-91707r1_rule | The DBN-6300 must generate audit records showing starting and ending time for administrator access to the system. |
☐ | SV-91709r1_rule | The DBN-6300 must generate audit records when concurrent logons from different workstations occur. |
☐ | SV-91711r1_rule | The DBN-6300 must generate audit records for all account creation, modification, disabling, and termination events. |
☐ | SV-91713r1_rule | The DBN-6300 must off-load audit records onto a different system or media than the system being audited. |
☐ | SV-91715r1_rule | The DBN-6300 must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. |
☐ | SV-91717r1_rule | Accounts for device management must be configured on the authentication server and not the network device itself, except for the account of last resort. |
☐ | SV-91719r1_rule | The DBN-6300 must obtain its public key certificates from an appropriate certificate policy through an approved service provider. |