DISA STIG Updates - 28 October 2016 plus Palo Alto
Install.txt, README.txt, policy files and hash verification for DISA STIG update for 28 October, 2016 plus Palo Alto.
This package will update the DISA STIG Policies and Policy Rules on a given
NetMRI to the STIG libraries released on 28 October 2016. These STIG libraries
are:
STIG Firewall Version 8 Release 20
STIG Infrastructure Layer 2 Switch Version 8 Release 20
STIG Infrastructure Layer 3 Switch Version 8 Release 21
STIG Infrastructure Router Version 8 Release 21
STIG Network Devices Version 8 Release 20
STIG Perimeter Layer 3 Switch Version 8 Release 23
STIG Perimeter Router Version 8 Release 23
The installation program will update existing rules on the device based on the
title of the existing rules; if the program cannot find the rule that is being
updated, it will create the new rule(s) from the latest STIG libraries. It will
also prune rules found on the device that are no longer needed.
INSTALLATION
============
See the file INSTALL.
CHANGES SINCE 20170131
======================
NET-IPV6-004
Added Palo Alto logic. The Policy Rule will fail if there are any
router-advertisement fields enabled in the configuration file.
NET-IPV6025E
Added Palo Alto logic. The Policy Rule will fail if any FEC0::/10 IPv6
addresses are defined.
NET-NAC-001
Added Palo Alto logic. The Policy Rule will pass if there are no RADIUS
settings configured.
NET-NAC-004
Added Palo Alto logic. The Policy Rule will pass if there are no RADIUS
settings configured.
NET-NAC-010
Added Palo Alto logic. The Policy Rule will pass if there are no RADIUS
settings configured.
NET0386
Added Palo Alto logic. The Policy Rule will pass if the alerts disk-quota is
<=75%, otherwise it will raise an Info.
NET0405
Removed Palo Alto from the SetFilter. Although there is an external
reporting system on PAN devices, they do not contain configuration
information.
NET0422
Removed Palo Alto from the SetFilter. PAN devices cannot be configured to
have key chaining like Cisco products.
NET0431
Added Palo Alto logic. The Policy Rule will pass if there are no RADIUS
settings configured.
NET0432
Added Palo Alto logic. The Policy Rule will pass if there are no RADIUS
settings configured.
NET0437
Added Palo Alto logic. The Policy Rule will pass if there are no RADIUS
settings configured.
NET1629I
Could not determine a way to disable the MGT port from within the
configuration file. This Policy Rule is set to always Fail if a Palo Alto
device is evaluated.
NET1638
Added Palo Alto logic. The Policy Rule will fail if Telnet or HTTP is
enabled or if HTTPS or SSH is disabled.
NET1645I
Added Palo Alto to SetFilter. This Policy Rule will always raise an Info.
It could not be determined how to configure a Palo Alto device's SSH
authentication timeout.
NET1646I
Added Palo Alto to SetFilter. This Policy Rule will always raise an Info.
It could not be determined how to configure a Palo Alto device's SSH
retry attempts.
NET1647
Added Palo Alto logic. A Palo Alto device will always pass this Policy Rule
because Palo Alto only uses SSH-2.
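
The NET-IPV6025E check described above, sketched in Python as an added example
(this is not NetMRI's Policy Rule code). It tests range membership rather than
matching the text "FEC0", because FEC0::/10 (the site-local range deprecated by
RFC 3879) also covers FED0::, FEE0:: and FEF0::. The sample configuration lines,
their layout and the function names are constructed for illustration.

```python
import ipaddress
import re

# Deprecated site-local range (RFC 3879): fec0:: through feff:ffff:...
SITE_LOCAL = ipaddress.ip_network("fec0::/10")

# Constructed sample configuration; the line layout is an assumption.
SAMPLE_CONFIG = """\
set network interface ethernet ethernet1/1 layer3 ipv6 address FEC0:0:0:1::1/64
set network interface ethernet ethernet1/2 layer3 ipv6 address 2001:db8:10::1/64
set network interface ethernet ethernet1/3 layer3 ipv6 address fed0::5/64
set network interface ethernet ethernet1/4 layer3 ipv6 address fe80::1/64
set deviceconfig system comment "saved at 12:30:45 from 00:1b:17:00:01:02"
"""

# Split on whitespace and on XML/quote delimiters so the same scan works on
# set-style lines and on attribute values such as name="fec0::1/64".
DELIMS = re.compile(r"[\s<>\"'=;,]+")


def site_local_addresses(config_text):
    """Return (line_number, token) for every IPv6 address inside fec0::/10."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for token in DELIMS.split(line):
            if ":" not in token:
                continue
            try:
                iface = ipaddress.ip_interface(token)
            except ValueError:
                continue  # timestamps, MAC addresses and other non-IP text
            if iface.version == 6 and iface.ip in SITE_LOCAL:
                hits.append((lineno, token))
    return hits


def evaluate(config_text):
    """Mirror the rule outcome: FAIL if any site-local address is defined."""
    hits = site_local_addresses(config_text)
    return ("FAIL" if hits else "PASS"), hits


if __name__ == "__main__":
    status, hits = evaluate(SAMPLE_CONFIG)
    print(status)
    for lineno, token in hits:
        print(f"  line {lineno}: {token}")
```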