Juniper SRX Services Gateway (SG) STIG Ver 2, Rel 1 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Juniper SRX Services Gateway (SG) cpe:/o:juniper:junos:12.1x46 (View CVEs)

Checklist Highlights

Checklist Name:
Juniper SRX Services Gateway (SG) STIG
Checklist ID:
657
Version:
Ver 2, Rel 1
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
01/27/2017

Checklist Summary:

The Juniper SRX is a series of hardware platforms that consists of two product lines, the branch series and the data center series. The two product lines differ based on support for the number and types of available interfaces, traffic throughput capacity, and the network services provided. All platforms share a common design architecture consisting of a Routing Engine (RE) and a Packet Forwarding Engine (PFE). The Juniper SRX SG STIG consists of four documents. The Juniper SRX SG NDM STIG is used to secure the RE functions, such as the Junos software, management functions, device protection, and internal information flow control. The Junos 12.1X46 is the minimum required version for DoD. The Juniper SRX SG Application Layer Gateway (ALG) STIG is used to secure the firewall configuration, which is integrated into all roles of the PFE. The Juniper SRX SG IDPS STIG is used to secure the IDPS configuration when implemented by the PFE. The Juniper SRX SG VPN STIG is used to secure the IPsec VPN configuration when implemented by the PFE.

Checklist Role:

  • Router

Known Issues:

Not Provided

Target Audience:

Not Provided

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not Provided

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01 All technical NIST SP 800-53 requirements were considered while developing this STIG. Requirements that are applicable and configurable will be included in the final STIG. A report marked For Official Use Only (FOUO) will be available for those items that did not meet requirements. This report will be available to component DAA personnel for risk assessment purposes by request via email to: disa.stig_spt@mail.mil

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not Provided

Product Support:

Not Provided

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not Provided

Licensing:

Not Provided

Change History:

moved to FINAL - 6/7/2016
Updated resource - 01/27/2017
Updated to FINAL - 03/13/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated - 11/01/2017
Updated to FINAL - 11/27/2017
corrected resource title - 1/24/2018
updated to v1,r2 - 02/16/2018
Updated to FINAL - 3/18/2018
updated ALG to v1,r3 - 4/25/18
Updated to FINAL - 5/25/18
Updated URLs - 6/6/19
Updated URLs - 8/12/2019
Updated URL per DISA - 10/28/20
updated URLs - 11/20/2020

Dependency/Requirements:

URL Description

References:

Reference URL Description
https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/U_Juniper_SRX_STIG_V1_memo_signed.pdf Juniper SRX Services Gateway (SG) STIG, Ver 1 Release Memo

NIST checklist record last modified on 11/20/2020