
Axonius Ax-OS STIG Compliance Checklist

Hard 20 items · 1 week
testuser Published 1 month ago

This checklist summarizes core steps to implement the Axonius Federal Systems Ax-OS STIG for DoD and federal environments. It’s designed for system administrators and security teams who manage Ax-OS instances and need a practical, trackable implementation plan.

Source: https://ncp.nist.gov/checklist/1312

  1. Download the official Ax-OS STIG document — Get the latest from DISA or public.cyber.mil (search Ax-OS STIG).
  2. Inventory all Ax-OS instances and record versions — Capture hostnames, versions, CPEs, and environment (prod/stage).
  3. Review related OS and component STIGs — Identify applicable OS, database, and network STIGs to apply alongside Ax-OS guidance.
  4. Patch Ax-OS to the latest vendor-supported release — Follow vendor instructions; prefer tested vendor patches addressing CVEs.
  5. Test patches in a staging environment — Validate functionality and rollback procedures before production updates.
  6. Back up Ax-OS configuration and data before changes — Store backups in a secure, access-controlled location.
  7. Enforce strong authentication (MFA/CAC) — Integrate CAC or multi-factor authentication per DoD requirements.
  8. Configure role-based access control and least privilege — Map roles, limit admin privileges, and remove default or shared accounts.
  9. Disable unused services and unnecessary features — Turn off plugins, agents, or modules not required for operation.
  10. Harden network access and management interfaces — Restrict management access and require secure transport for admin traffic.
  11. Restrict management ports to authorized admin networks — Apply firewall rules or ACLs limiting access by CIDR.
  12. Enable TLS with valid certificates for all management endpoints — Use signed certs and disable weak ciphers; no self-signed in prod.
  13. Enable and centralize logging to a SIEM — Forward logs in real time to a monitored SIEM for analysis.
  14. Configure log forwarding and verify delivery — Test log forwarding and alerting from Ax-OS to your SIEM.
  15. Verify log retention, rotation, and secure storage — Ensure retention meets DoDI 8500.01 and audit requirements.
  16. Configure audit settings per the STIG and retain audit records — Enable required audit events, protect logs, and document retention policy.
  17. Run vulnerability scans and remediate findings — Schedule regular scans and track remediation to closure.
  18. Document configuration changes and approvals — Keep change records, baselines, and authorization evidence in a secure repo.
  19. Schedule periodic STIG compliance reviews and updates — Plan quarterly or change-driven reviews to maintain compliance.
  20. Submit comments or change requests to DISA if needed — Email proposals to the official DISA STIG contact address.
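
One way to check item 11 before sign-off is to audit an exported rule set for allow rules that expose a management port to sources outside the authorized admin networks. This is an added example, not part of the STIG or of Axonius tooling. The admin CIDRs, the management ports (22 and 443) and the rule tuple format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the STIG or Axonius documentation): the admin
# networks, the management ports, and the rule format are all constructed.
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.8.0/22")]
MGMT_PORTS = {22, 443}

# Constructed sample rule set: (action, source CIDR, destination port).
SAMPLE_RULES = [
    ("allow", "10.20.0.0/25", 443),    # inside an admin network
    ("allow", "10.20.9.17/32", 22),    # single admin host
    ("allow", "10.20.0.0/16", 443),    # wider than any admin network
    ("allow", "0.0.0.0/0", 22),        # open to everyone
    ("allow", "0.0.0.0/0", 8080),      # not a management port, out of scope
    ("deny", "0.0.0.0/0", 443),        # deny rules never widen access
    ("allow", "10.20.0.300/32", 22),   # malformed source
]

def audit_rules(rules, admin_networks=ADMIN_NETWORKS, mgmt_ports=MGMT_PORTS):
    """Return (rule, reason) pairs for allow rules that expose a management
    port to any address outside the authorized admin networks."""
    findings = []
    for rule in rules:
        action, source, port = rule
        if action != "allow" or port not in mgmt_ports:
            continue
        try:
            # strict=True rejects sources with host bits set, e.g. 10.20.0.5/24
            src = ipaddress.ip_network(source, strict=True)
        except ValueError as exc:
            findings.append((rule, f"unparseable source: {exc}"))
            continue
        # The whole source range must sit inside one authorized network.
        covered = any(
            src.version == net.version and src.subnet_of(net)
            for net in admin_networks
        )
        if not covered:
            findings.append((rule, "source extends beyond authorized admin networks"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit_rules(SAMPLE_RULES):
        print(rule, "->", reason)
```

A source range that straddles two adjacent admin networks is reported even if their union covers it, so such rules need a manual look or should be split per network.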