| Checked | Name | Title |
|---|
| ☐ | SV-3012r4_rule | Network devices must be password protected. |
| ☐ | SV-3013r5_rule | Network devices must display the DoD-approved logon banner warning. |
| ☐ | SV-3014r4_rule | The network devices must timeout management connections for administrative access after 10 minutes or less of inactivity. |
| ☐ | SV-3056r7_rule | Group accounts must not be configured for use on the network device. |
| ☐ | SV-3057r6_rule | Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. |
| ☐ | SV-3058r5_rule | Unauthorized accounts must not be configured for access to the network device. |
| ☐ | SV-3069r5_rule | Management connections to a network device must be established using secure protocols with FIPS 140-2 validated cryptographic modules. |
| ☐ | SV-3070r4_rule | Network devices must log all attempts to establish a management connection for administrative access. |
| ☐ | SV-3143r4_rule | Network devices must not have any default manufacturer passwords. |
| ☐ | SV-3160r4_rule | Network devices must be running a current and supported operating system with all IAVMs addressed. |
| ☐ | SV-3175r5_rule | The network device must require authentication prior to establishing a management connection for administrative access. |
| ☐ | SV-3196r4_rule | The network device must use SNMP Version 3 Security Model with FIPS 140-2 validated cryptography for any SNMP agent configured on the device. |
| ☐ | SV-3210r4_rule | The network device must not use the default or well-known SNMP community strings public and private. |
| ☐ | SV-3966r6_rule | In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. |
| ☐ | SV-3967r4_rule | The network devices must time out access to the console port at 10 minutes or less of inactivity. |
| ☐ | SV-3969r5_rule | Network devices must only allow SNMP read-only access. |
| ☐ | SV-4582r5_rule | The network device must require authentication for console access. |
| ☐ | SV-5611r5_rule | The network devices must only allow management connections for administrative access from hosts residing in the management network. |
| ☐ | SV-5613r4_rule | The network device must be configured for a maximum number of unsuccessful SSH logon attempts set at 3 before resetting the interface. |
| ☐ | SV-7365r4_rule | The auxiliary port must be disabled unless it is connected to a secured modem providing encryption and authentication. |
| ☐ | SV-15327r6_rule | Network devices must authenticate all NTP messages received from NTP servers and peers. |
| ☐ | SV-15459r4_rule | The network device must not allow SSH Version 1 to be used for administrative access. |
| ☐ | SV-15614r1_rule | WLAN SSIDs must be changed from the manufacturer’s default to a pseudo random word that does not identify the unit, base, organization, etc. |
| ☐ | SV-15656r1_rule | The WLAN inactive session timeout must be set for 30 minutes or less. |
| ☐ | SV-15657r1_rule | WLAN signals must not be intercepted outside areas authorized for WLAN access. |
| ☐ | SV-16259r4_rule | Network devices must use two or more authentication servers for the purpose of granting administrative access. |
| ☐ | SV-16261r5_rule | The emergency administration account must be set to an appropriate authorization level to perform necessary administrative functions when the authentication server is not online. |
| ☐ | SV-19075r4_rule | The network devices OOBM interface must be configured with an OOBM network address. |
| ☐ | SV-19076r4_rule | The network devices management interface must be configured with both an ingress and egress ACL. |
| ☐ | SV-28651r4_rule | Network devices must use at least two NTP servers to synchronize time. |
| ☐ | SV-31426r1_rule | WLAN access point must be configured for Wi-Fi Alliance WPA2 security. |
| ☐ | SV-31427r2_rule | The password configured on the WLAN Access Point for key generation and client access must be set to a 14 character or longer complex password as required by USCYBERCOM CTO 07-15Rev1. |
| ☐ | SV-36774r5_rule | A service or feature that calls home to the vendor must be disabled. |
| ☐ | SV-102339r1_rule | WLAN components must be FIPS 140-2 certified. |
| ☐ | SV-102341r1_rule | WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3. |
| ☐ | SV-102343r1_rule | DoD Components providing guest WLAN access (Internet access only) must use separate WLAN or logical segmentation of the enterprise WLAN (e.g., separate service set identifier (SSID) and virtual LAN) or DoD network. |
STIGQter: STIG Summary: