The ICS must be configured to protect against known types of denial-of-service (DoS) attacks by enabling JITC mode.

Severity: high
Group ID: V-268324
Group Title: SRG-APP-000435-NDM-000315
Version: IVCS-NM-000015
Rule ID: SV-268324r1028339_rule
Date: 2024-09-16
STIG Version: 2
Description
This configuration protects the confidentiality of the Web UI session and guards against DoS attacks. If JITC (DODIN APL) mode is enabled, the following protections are enforced:
- Log support for detection and prevention of SMURF, SYN flood, and SSL replay attacks.
- Disable ICMPv6 echo response for multicast echo requests.
- Disable ICMPv6 destination unreachable responses.
- Password strengthening.
- Notification of unsuccessful admin login attempts.
- Re-authentication of admin users.
- Notification on admin status change.
When JITC and FIPS mode are enabled, audit logging of DoS attacks such as flooding and replay attacks is enabled inherently. JITC and FIPS mode are required for ICS use in the DOD. When the NDcPP option is enabled, only NDcPP-approved cryptographic algorithms are permitted.
ℹ️ Check
In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
1. Verify the "Turn on JITC mode" checkbox is enabled (checked).
2. Verify the "Turn on NDcPP mode" checkbox is enabled (checked).
If JITC mode is not enabled, this is a finding.
✔️ Fix
In the ICS Web UI, navigate to System >> Configuration >> Security >> Inbound SSL Options.
1. Under "DOD Certification Option", check (enable) "Turn on JITC mode" to enable the JITC mode security features.
2. Once "Turn on JITC mode" is checked, "Turn on NDcPP mode" and "Turn on FIPS mode" are also checked automatically.
3. Click "Save changes" and confirm when the Web UI prompts about SSL cipher configuration changes.