STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide

Version

V1R1

Release Date

Jun 15, 2026

SCAP Benchmark ID

Nokia_SR_OS_25-x_NDM_STIG

Total Checks

37

Tags

network
CAT I: 9CAT II: 28CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of War (DoW) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (37)

V-283760MEDIUMThe Nokia router must limit the number of concurrent management sessions to a maximum of three for each administrator account and/or administrator account type.V-283761HIGHThe Nokia router must be configured to assign appropriate user roles or access levels to authenticated users.V-283762MEDIUMThe Nokia router must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.V-283763MEDIUMThe Nokia router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-283764MEDIUMThe Nokia router must display the Standard Mandatory DoW Notice and Consent Banner before granting access to the device, and it must remain until the administrator acknowledges the usage conditions and takes explicit action to log on for further access.V-283765MEDIUMThe Nokia router must initiate session auditing upon startup.V-283766MEDIUMThe Nokia router must protect audit information from unauthorized modification.V-283767MEDIUMThe Nokia router must prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.V-283768HIGHThe Nokia router must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.V-283769MEDIUMThe Nokia router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-283770MEDIUMThe Nokia router must enforce a minimum 15-character password length.V-283771MEDIUMThe Nokia router must enforce password complexity.V-283772MEDIUMThe Nokia router must require that when a password is changed, the characters are changed in at least eight of the positions within the password.V-283773HIGHThe Nokia router must only store cryptographic representations of passwords.V-283774HIGHThe Nokia router must use Federal Information Processing Standard (FIPS) 140-3-approved algorithms for authentication to a cryptographic module.V-283775HIGHThe Nokia router must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.V-283776MEDIUMThe Nokia router must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.V-283777MEDIUMThe Nokia router must generate an immediate real-time alert for all audit failure events requiring real-time alerts.V-283778MEDIUMThe Nokia router must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).V-283779MEDIUMThe Nokia router must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.V-283780MEDIUMThe Nokia router must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a Federal Information Processing Standard (FIPS)-validated Keyed-Hash message authentication code.V-283781MEDIUMThe Nokia router must be configured to authenticate Network Time Protocol (NTP) sources using authentication with a Federal Information Processing Standard (FIPS)-compliant algorithm.V-283782HIGHThe Nokia router must use Federal Information Processing Standard (FIPS)-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.V-283783MEDIUMThe Nokia router must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.V-283784MEDIUMThe Nokia router must off-load audit records onto a different system or media than the system being audited.V-283785HIGHThe Nokia router must be configured to use at least two authentication servers for authenticating users prior to granting administrative access.V-283786MEDIUMThe Nokia router must be configured to conduct backups of system-level information contained in the information system when changes occur.V-283787MEDIUMThe Nokia router must obtain its public key certificates from an appropriate certificate policy through an approved service provider.V-283788HIGHThe Nokia router must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).V-283789HIGHThe Nokia router must be running an operating system release that is currently supported by the vendor.V-283790MEDIUMThe Nokia router must be configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.V-283791MEDIUMThe Nokia router must be configured to implement a local cache of revocation data to support path discovery and validation for public key-based authentication.V-283792MEDIUMThe Nokia router must be configured to protect nonlocal maintenance sessions by separating the maintenance session from other network sessions within the system by logically separated communications paths.V-283793MEDIUMThe Nokia router must be configured to include only approved trust anchors in trust stores or certificate stores managed by the organization.V-283794MEDIUMThe Nokia router must be configured to synchronize system clocks within and between systems or system components.V-283795MEDIUMThe Nokia router must be configured to compare the internal system clocks on an organization-defined frequency with an organization-defined authoritative time source.V-283799MEDIUMThe Nokia router must be configured to implement multifactor authentication for local, network, and/or remote access to privileged and nonprivileged accounts such that the device meets organization-defined strength of mechanism requirements.