DISA STIG Update - Feb 2022

U_SRG-STIG_2021_10v1

This package will update the DISA STIG Policies and Policy Rules on a given NetMRI to the STIG libraries released on 2021-10-27 (SRG-STIG Library - NON-FOUO).

 

To keep coverage for Security Technical Implementation Guide (STIG) compliance after the network STIG's sunset, the vendors that were previously covered by the generic STIG bundles were updated to their vendor-provided STIG guidance.

 

In this archive, the following STIG Policies are provided:

  • Cisco IOS-XE Router STIG Ver 2, Rel 3
  • Cisco IOS-XE Switch STIG Ver 2, Rel 2
  • Cisco IOS-XR Router STIG Ver 2, Rel 2
  • Cisco IOS Router STIG Ver 2, Rel 2
  • Cisco IOS Switch STIG Ver 2, Rel 3
  • Cisco NX-OS Switch STIG Ver 2, Rel 3
  • Cisco ASA Firewall STIG Ver 1, Rel 1
  • Cisco ASA Network Device Management STIG Ver 1, Rel 1
  • Cisco ASA VPN STIG Ver 1, Rel 1
  • F5 BIG-IP Device Management 11.x STIG Ver 2, Rel 1
  • F5 BIG-IP Local Traffic Manager 11.x STIG Ver 2, Rel 1
  • Juniper Router STIG Ver 2, Rel 2
  • Juniper Router Network Device Management STIG Ver 1, Rel 5
  • Palo Alto Networks Application Layer Gateway STIG Ver 2, Rel 2
  • Palo Alto Networks Intrusion Detection and Prevention System STIG Ver 2, Rel 2
  • Palo Alto Networks Network Device Management STIG Ver 1, Rel 4

 

The installation program will update existing rules on the device based
on the title of the existing rules; if the program cannot find the rule
that is being updated, it will create the new rule(s) from the latest
STIG libraries. It will also remove rules that are no longer needed that
have been found on the device.
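
The update behaviour described above can be previewed as a dry run before installing. The Python sketch below is an added example, not the installer's own code; the rule titles, rule bodies, and the assumption that each title begins with a rule ID are constructed for illustration.

```python
# Added illustration: dry-run model of a title-keyed rule update.
# All rule titles and bodies are constructed samples, not STIG text.

def rule_id(title):
    """Leading token of a title (assumption: titles start with a rule ID)."""
    parts = title.split()
    return parts[0] if parts else ""

def plan_update(device_rules, library_rules):
    """Plan actions for dicts mapping rule title -> rule body.

    Assumption: a device rule is "no longer needed" when its exact
    title is absent from the new library.
    """
    plan = {"update": [], "unchanged": [], "create": [], "remove": []}
    for title, body in library_rules.items():
        if title not in device_rules:
            plan["create"].append(title)      # no title match: new rule
        elif device_rules[title] != body:
            plan["update"].append(title)      # title match, body differs
        else:
            plan["unchanged"].append(title)   # dry-run distinction only
    plan["remove"] = [t for t in device_rules if t not in library_rules]
    return {action: sorted(titles) for action, titles in plan.items()}

def retitled(plan):
    """Pair (old, new) titles that share a rule ID across remove/create."""
    removed = {rule_id(t): t for t in plan["remove"]}
    return [(removed[rule_id(t)], t) for t in plan["create"]
            if rule_id(t) in removed]

DEVICE = {  # constructed: rules currently on the appliance
    "EX-ND-0001 SSH ciphers": "aes-cbc allowed",
    "EX-ND-0002 Log config change": "check v1",
    "EX-ND-0003 Banner": "check v1",
    "EX-ND-0009 Retired check": "check v1",
}
LIBRARY = {  # constructed: rules shipped in the new library
    "EX-ND-0001 SSH ciphers": "aes-ctr only",
    "EX-ND-0002 Log configuration changes": "check v1",
    "EX-ND-0003 Banner": "check v1",
    "EX-ND-0004 New check": "check v1",
}

if __name__ == "__main__":
    plan = plan_update(DEVICE, LIBRARY)
    for action, titles in plan.items():
        print(action, titles)
    print("retitled:", retitled(plan))
```

In this model a rule whose title changed between releases appears as one remove plus one create rather than an update, so rules customized locally on the device are worth reviewing against the plan before the package is applied.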

 

INSTALLATION
See the accompanying file INSTALL

 

CHANGES SINCE U_SRG-STIG_2021_07v1
CISC-L2-000130
  Updated requirement to exempt VLANs managed via 802.1x.

CISC-L2-000150
  Updated requirement to exempt VLANs managed via 802.1x.

CISC-L2-000170
  Updated requirement to exempt VLANs managed via 802.1x.

CISC-ND-000150
  Updated Rule Title, Check, and Fix to reflect the correct command.

CISC-ND-000490
  Updated vulnerability discussion to allow secure network location for 'break glass' passwords.

CISC-ND-000530
  Updated Check and Fix to remove AES-CBC algorithms.

CISC-ND-001200
  Updated Check and Fix to correct outdated algorithms.

CISC-ND-001210
  Updated Check and Fix to remove AES-CBC algorithms.

CISC-ND-001440
  Updated the requirement to specify N/A when not using PKI.

CISC-RT-000050
  Updated requirement to exempt BGP routing protocol.

CISC-RT-000235
  Updated Vulnerability Discussion to correct an unfinished sentence.

 

md5 checksum for archive

80e8df15e4b644d1f27bd13cd5e21669