| V-92303 | | The SEL-2740S must be adopted by OTSDN Controllers for secure communication identifiers and initial trust for configuration of remote maintenance and diagnostic communications. | This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instea... |
| V-92291 | | The SEL-2740S must be configured to create log records for DoD-defined events. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or... |
| V-92293 | | The SEL-2740S must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notificatio... |
| V-92295 | | The SEL-2740S must be configured to send log data to a Syslog server or collected by another parent OTSDN Controller. | Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or ont... |
| V-92297 | | The SEL-2740S must be configured to compare internal information system clocks at least every 24 hours with an authoritative time server. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-92299 | | The SEL-2740S must be configured to synchronize internal system clocks with an authoritative time source. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-92301 | | The SEL-2740S must be configured to maintain internal system clocks with a backup authoritative time server. | The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run mode) and increasingly in... |
| V-92305 | | The SEL-2740S must be configured to permit the maintenance and diagnostics communications to specified OTSDN Controller(s). | DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or m... |
| V-92307 | | The SEL-2740S must be adopted by OTSDN Controller(s) and obtain its public key certificates from an appropriate certificate policy through an approved service provider. | For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agenci... |
| V-92309 | | The SEL-2740S must be configured to establish trust relationships with parent OTSDN Controller(s). | Machine to machine initial trust must be established between the OTSDN controller and the SEL-2740S for authenticating all communications and configur... |
| V-92311 | | The SEL-2740S must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way t... |
| V-94589 | | The SEL-2740S must authenticate Network Time Protocol sources using authentication that is cryptographically based. | If Network Time Protocol is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time... |
| V-94591 | | The SEL-2740S must employ automated mechanisms to assist in the tracking of security incidents. | Despite the investment in perimeter defense technologies, enclaves are still faced with detecting, analyzing, and remediating network breaches and exp... |
