STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 1 hour ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NDM Security Technical Implementation Guide

V-284535

CAT I (High)

The Ivanti Policy Secure must enable IPS, JITC, and NDcPP compliance modes to ensure only FIPS 140-2/140-3 algorithms are used.

Rule ID

SV-284535r1244943_rule

STIG

Ivanti Policy Secure NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-003123CCI-000382CCI-000803CCI-001188CCI-002385

Discussion

Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoW data may be compromised. This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instead of HTTP. If unsecured protocols (lacking cryptographic mechanisms) are used for sessions, the contents of those sessions will be susceptible to eavesdropping, potentially putting sensitive data (including administrator passwords) at risk of compromise and potentially allowing hijacking of maintenance sessions. Satisfies: SRG-APP-000412-NDM-000331, SRG-APP-000142-NDM-000245, SRG-APP-000156-NDM-000250, SRG-APP-000179-NDM-000265, SRG-APP-000224-NDM-000270, SRG-APP-000435-NDM-000315, SRG-APP-000516-NDM-000317

Check Content

1. In the Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
2. Verify the "Turn on JITC mode" checkbox is not checked.
3. Verify the "Turn on NDcPP mode" checkbox is not checked.
4. Verify the "Turn on FIPS mode" checkbox is not checked.

If JITC and NDcPP compliance modes are not configured, this is a finding.

Fix Text

1. In the Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
2. Under the DoW Certification option, enable "Turn on JITC mode" to enable the JITC mode security features.
3. Under SSL NDcPP Mode Option, enable "Turn on NDcPP mode" to enable the NDcPP mode security features.
4. Under SSL FIPS Mode Option, check enable "Turn on FIPS mode" to enable the FIPS mode security features.
5. Click "Save changes" and confirm after the web UI asks for SSL cipher configuration changes.