Unified Access Gateway provides configuration settings that allow the appliance to comply with the Photon 3 OS Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG).
This OS compliance requires specific configuration in the Unified Access Gateway appliance.
- Deploy the FIPS version of Unified Access Gateway.
- Configure the following parameters during deployment.
Parameter | Description |
---|---|
dsComplianceOS | Set to true to enable DISA STIG OS compliance settings. |
rootPasswordExpirationDays | Number of days after which the root password must be reset. Set the value to |
passwordPolicyMinLen | Minimum length of the root password. Set the value to |
passwordPolicyMinClass | Minimum complexity of the root password. Set the value to |
sshEnabled | Set to true to automatically enable SSH access on the deployed appliance. |
sshLoginBannerText | Set to an appropriate login banner that includes the text |
rootSessionIdleTimeoutSeconds | Duration in seconds after which an idle session of the root user will expire. Set the value to |
passwordPolicyFailedLockout | Number of failed login attempts after which admin user access is locked out temporarily. Set the value to |
sshInterface | Set to eth0, eth1, or eth2 according to the Unified Access Gateway NIC on which SSH is accessed. For example, |
sshPort | Set to an unused port value other than port 22. For example, |
syslogUrl | Set the syslog URL. For example, |
ntpServers | Set the hostname(s) for NTP servers. For example, |
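
A pre-deployment check for the parameters in the table above, added here as an example and not VMware code. It assumes the settings are kept as INI-style `key=value` lines (the page does not state the file format) and checks only the constraints the table states; `check_settings`, `parse_settings` and `SAMPLE` are hypothetical names.

```python
# Added example. Assumption: settings are INI-style key=value lines.
REQUIRED = (
    "dsComplianceOS", "rootPasswordExpirationDays", "passwordPolicyMinLen",
    "passwordPolicyMinClass", "sshEnabled", "sshLoginBannerText",
    "rootSessionIdleTimeoutSeconds", "passwordPolicyFailedLockout",
    "sshInterface", "sshPort", "syslogUrl", "ntpServers",
)
MUST_BE_TRUE = ("dsComplianceOS", "sshEnabled")
WHOLE_NUMBER = (
    "rootPasswordExpirationDays", "passwordPolicyMinLen", "passwordPolicyMinClass",
    "rootSessionIdleTimeoutSeconds", "passwordPolicyFailedLockout", "sshPort",
)

def parse_settings(text):
    """Return {key: value}, skipping blank lines, comments and [section] headers."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def check_settings(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    s = parse_settings(text)
    findings = [f"{k}: missing or empty" for k in REQUIRED if not s.get(k)]
    for k in MUST_BE_TRUE:
        if s.get(k) and s[k].lower() != "true":
            findings.append(f"{k}: must be true")
    for k in WHOLE_NUMBER:
        if s.get(k) and not (s[k].isascii() and s[k].isdigit()):
            findings.append(f"{k}: must be a whole number")
    if s.get("sshInterface") and s["sshInterface"] not in ("eth0", "eth1", "eth2"):
        findings.append("sshInterface: must be eth0, eth1 or eth2")
    port = s.get("sshPort", "")
    if port.isascii() and port.isdigit() and int(port) == 22:
        findings.append("sshPort: must not be 22")
    return sorted(findings)

# Constructed sample: incomplete on purpose, with a bad interface and port.
SAMPLE = """\
dsComplianceOS=true
sshEnabled=true
sshInterface=eth3
sshPort=22
"""
if __name__ == "__main__":
    print("\n".join(check_settings(SAMPLE)))
```

The numeric parameters are checked only for presence and type, because the required values are not given in the table as it appears here.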