Unified Access Gateway supports configuration settings to allow Unified Access Gateway to comply with the Photon 3 OS Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG).

This OS compliance requires specific configuration in the Unified Access Gateway appliance.

The configuration changes are listed as follows:
  1. Deploy the FIPS version of Unified Access Gateway.
  2. Configure the following parameters during deployment.
Note: You can configure these parameters only at the time of deployment. If you do not configure during deployment, Unified Access Gateway includes the default values.
Parameter Description
dsComplianceOS Set to true to enable DISA STIG OS compliance settings.
rootPasswordExpirationDays Number of days after which the root password must be mandatorily reset.

Set the value to 90.

passwordPolicyMinLen Minimum length of the root password.

Set the value to 8.

passwordPolicyMinClass Minimum complexity of the root password.

Set the value to 4.

sshEnabled Set to true to automatically enable SSH access on the deployed appliance.
sshLoginBannerText Set to an appropriate login banner that includes the text

You are accessing a U.S. Government System.

rootSessionIdleTimeoutSeconds Duration in seconds after which an idle session of the root user will expire.

Set the value to 900.

passwordPolicyFailedLockout Number of failed login attempts after which admin user access is locked out temporarily.

Set the value to 3.

sshInterface Set to eth0, eth1 or eth2 according to which Unified Access Gateway NIC SSH is accessed.

For example, sshInterface=eth0.

sshPort Set to an unused port value other than port 22.

For example, sshPort=30.

syslogUrl Set the syslog URL.

For example, syslog://mysyslog.example.int:514.


Set the hostname(s) for NTP servers.

For example, mytimesvr1.example.int, mytimesvr1.example.int.