SEL-2740S NDM Security Technical Implementation Guide

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V1R1

Published: 2019-05-06

Updated At: 2019-07-06 12:01:31

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-102379r1_rule SELS-ND-000230 CCI-000169 MEDIUM The SEL-2740S must be configured to create log records for DoD-defined events. Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the
    SV-102381r1_rule SELS-ND-000340 CCI-000139 MEDIUM The SEL-2740S must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability and system opera
    SV-102383r1_rule SELS-ND-000430 CCI-001348 MEDIUM The SEL-2740S must be configured to send log data to a Syslog server or collected by another parent OTSDN Controller. Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system fai
    SV-102385r1_rule SELS-ND-001000 CCI-001891 MEDIUM The SEL-2740S must be configured to compare internal information system clocks at least every 24 hours with an authoritative time server. Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. S
    SV-102387r1_rule SELS-ND-001010 CCI-002046 MEDIUM The SEL-2740S must be configured to synchronize internal system clocks with an authoritative time source. Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.
    SV-102389r1_rule SELS-ND-001020 CCI-000366 MEDIUM The SEL-2740S must be configured to maintain internal system clocks with a backup authoritative time server. The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run mode) and increasingly inaccurate time stamps on audit events and other functions. Multiple time sources provide redundancy by i
    SV-102391r1_rule SELS-ND-001180 CCI-003123 HIGH The SEL-2740S must be adopted by OTSDN Controllers for secure communication identifiers and initial trust for configuration of remote maintenance and diagnostic communications. This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instead of HTTP. If unsecured protocols (lacking cryptographic mechanisms) are used for sessions, the contents
    SV-102393r1_rule SELS-ND-001190 CCI-002385 MEDIUM The SEL-2740S must be configured to permit the maintenance and diagnostics communications to specified OTSDN Controller(s). DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This requirement addresses the configuration of network devices to mit
    SV-102395r1_rule SELS-ND-001410 CCI-000366 MEDIUM The SEL-2740S must be adopted by OTSDN Controller(s) and obtain its public key certificates from an appropriate certificate policy through an approved service provider. For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Aut
    SV-102397r1_rule SELS-ND-001420 CCI-000803 MEDIUM The SEL-2740S must be configured to establish trust relationships with parent OTSDN Controller(s). Machine to machine initial trust must be established between the OTSDN controller and the SEL-2740S for authenticating all communications and configuration thereafter. Certificates must be created and safely stored. Backup OTSDN controller trust should
    SV-102399r1_rule SELS-ND-001430 CCI-000366 MEDIUM The SEL-2740S must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Notification of account creation is
    SV-104419r2_rule SELS-ND-001025 CCI-001967 MEDIUM The SEL-2740S must authenticate Network Time Protocol sources using authentication that is cryptographically based. If Network Time Protocol is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps inaccurate and affect scheduled actions.
    SV-104421r2_rule SELS-ND-001400 CCI-000366 MEDIUM The SEL-2740S must employ automated mechanisms to assist in the tracking of security incidents. Despite the investment in perimeter defense technologies, enclaves are still faced with detecting, analyzing, and remediating network breaches and exploits that have made it past the network device. An automated incident response infrastructure allows net