| V-275453 | | The Riverbed NetIM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | Authentication for administrative (privileged-level) access to the device is required at all times. An account can be created on the device's local da... |
| V-275455 | | NetIM must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device. | Display of the DOD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is c... |
| V-275456 | | NetIM must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. | The banner must be acknowledged by the administrator prior to the device allowing the administrator access to the network device. This provides assura... |
| V-275462 | | The Riverbed NetIM must support organizational requirements to back up the NetIM application and security configuration when changes occur. | System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configurat... |
| V-275465 | | The Riverbed NetIM must enforce a minimum 15-character password length. | Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset or set of resources. Inform... |
| V-275467 | | The Riverbed NetIM must be configured to allow user selection of long passwords and passphrases, including spaces and all printable characters for password-based authentication. | Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords ... |
| V-275481 | | The Riverbed NetIM must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, ... |
| V-275482 | | The Riverbed NetIM must off-load audit records onto a different system or media than the system being audited. | Information stored in one location on a disk may be vulnerable to accidental or incidental deletion or alteration. The ability to off-load those file... |
| V-275488 | | The Riverbed NetIM must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authenticati... |
| V-275457 | | The Riverbed NetIM must generate an alert of all audit failure events. | To ensure network devices have a sufficient storage capacity in which to write the audit logs, they need to be able to allocate audit record storage c... |
| V-275466 | | The Riverbed NetIM must be configured to require immediate selection of a new password upon account recovery for password-based authentication. | Specify a temporary password to improve security. A temporary password can be enabled only if Account Control is enabled. If a temporary password is s... |
| V-275452 | | The Riverbed NetIM must enable and configure user audit logging. | Auditing account disabling actions will support account management procedures. When device management accounts are disabled, user or service accessibi... |
| V-275454 | | The Riverbed NetIM must be configured to assign appropriate user roles or access levels to authenticated users. | Successful identification and authentication must not automatically give an entity full access to a network device or security domain. The lack of aut... |
| V-275461 | | The Riverbed NetIM must be configured to use an authentication server configured for multifactor authentication (MFA) using DOD PKI for the purpose of authenticating users prior to granting administrative access. | MFA is the requirement that two or more factors be used to confirm the identity of an individual who is requesting access to digital information resou... |
| V-275473 | | The Riverbed NetIM must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting. | The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stor... |