The Juniper Networks SRX Series Gateway IDPS must have only active Juniper Networks licenses.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-214636 | JUSX-IP-000030 | SV-214636r385561_rule | CCI-000366 | medium |
| Description | ||||
| If the IDP or UTM licenses are allowed to lapse, the Juniper SRX IDPS can still inspect traffic and continue to use the outdated signature database for rules, objects, and dynamic groups. However, updates to the signature database cannot be downloaded from Juniper Networks. This puts the network at risk since the updates are used to addresses new CERT and IAVM vulnerabilities. | ||||
| STIG | Date | |||
| Juniper SRX Services Gateway IDPS Security Technical Implementation Guide | 2024-06-10 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V2R1 · disa_xccdf · related
Details
Check Text (C-214636r385561_chk)
In operational mode, enter show system license.
If the license expiration for idp-sig and all other licenses installed are past today's date, this is a finding.
Fix Text (F-15838r297473_fix)
Update the expired licenses immediately following the procedures on the vendor website.