| Checked | Name | Title |
|---|
| ☐ | SV-3012r4_rule | Network devices must be password protected. |
| ☐ | SV-3013r5_rule | Network devices must display the DoD-approved logon banner warning. |
| ☐ | SV-3014r4_rule | The network devices must timeout management connections for administrative access after 10 minutes or less of inactivity. |
| ☐ | SV-3043r4_rule | The network device must use different SNMP community names or groups for various levels of read and write access. |
| ☐ | SV-3056r7_rule | Group accounts must not be configured for use on the network device. |
| ☐ | SV-3057r6_rule | Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. |
| ☐ | SV-3058r5_rule | Unauthorized accounts must not be configured for access to the network device. |
| ☐ | SV-3069r5_rule | Management connections to a network device must be established using secure protocols with FIPS 140-2 validated cryptographic modules. |
| ☐ | SV-3070r4_rule | Network devices must log all attempts to establish a management connection for administrative access. |
| ☐ | SV-3143r4_rule | Network devices must not have any default manufacturer passwords. |
| ☐ | SV-3160r4_rule | Network devices must be running a current and supported operating system with all IAVMs addressed. |
| ☐ | SV-3175r5_rule | The network device must require authentication prior to establishing a management connection for administrative access. |
| ☐ | SV-3196r4_rule | The network device must use SNMP Version 3 Security Model with FIPS 140-2 validated cryptography for any SNMP agent configured on the device. |
| ☐ | SV-3210r4_rule | The network device must not use the default or well-known SNMP community strings public and private. |
| ☐ | SV-3692r3_rule | WLAN must use EAP-TLS. |
| ☐ | SV-3966r6_rule | In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. |
| ☐ | SV-3967r4_rule | The network devices must time out access to the console port at 10 minutes or less of inactivity. |
| ☐ | SV-3969r5_rule | Network devices must only allow SNMP read-only access. |
| ☐ | SV-4582r5_rule | The network device must require authentication for console access. |
| ☐ | SV-5611r5_rule | The network devices must only allow management connections for administrative access from hosts residing in the management network. |
| ☐ | SV-5612r4_rule | The network devices must be configured to timeout after 60 seconds or less for incomplete or broken SSH sessions. |
| ☐ | SV-5613r4_rule | The network device must be configured for a maximum number of unsuccessful SSH logon attempts set at 3 before resetting the interface. |
| ☐ | SV-7365r4_rule | The auxiliary port must be disabled unless it is connected to a secured modem providing encryption and authentication. |
| ☐ | SV-15327r6_rule | Network devices must authenticate all NTP messages received from NTP servers and peers. |
| ☐ | SV-15459r4_rule | The network device must not allow SSH Version 1 to be used for administrative access. |
| ☐ | SV-15614r1_rule | WLAN SSIDs must be changed from the manufacturer’s default to a pseudo random word that does not identify the unit, base, organization, etc. |
| ☐ | SV-15654r2_rule | Wireless access points and bridges must be placed in dedicated subnets outside the enclave’s perimeter. |
| ☐ | SV-15656r1_rule | The WLAN inactive session timeout must be set for 30 minutes or less. |
| ☐ | SV-15657r1_rule | WLAN signals must not be intercepted outside areas authorized for WLAN access. |
| ☐ | SV-16259r4_rule | Network devices must use two or more authentication servers for the purpose of granting administrative access. |
| ☐ | SV-16261r5_rule | The emergency administration account must be set to an appropriate authorization level to perform necessary administrative functions when the authentication server is not online. |
| ☐ | SV-19075r4_rule | The network devices OOBM interface must be configured with an OOBM network address. |
| ☐ | SV-19076r4_rule | The network devices management interface must be configured with both an ingress and egress ACL. |
| ☐ | SV-28651r4_rule | Network devices must use at least two NTP servers to synchronize time. |
| ☐ | SV-36774r5_rule | A service or feature that calls home to the vendor must be disabled. |
| ☐ | SV-39895r3_rule | WLAN EAP-TLS implementation must use certificate-based PKI authentication to connect to DoD networks. |
| ☐ | SV-102339r1_rule | WLAN components must be FIPS 140-2 certified. |
| ☐ | SV-102341r1_rule | WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3. |
| ☐ | SV-106521r1_rule | The site must conduct continuous wireless Intrusion Detection System (IDS) scanning. |
STIGQter: STIG Summary: