TickYouOff

Axonius Ax-OS STIG

Hard 20 items · 1 week
testuser Published 4 weeks ago

This checklist helps implement the Axonius Federal Systems Ax-OS STIG (Ver 1, Rel 2) controls for managed environments. It’s aimed at IT administrators, security engineers, and compliance teams who need a practical, step-by-step guide to assess and harden Ax-OS according to DISA guidance.

Source: https://ncp.nist.gov/checklist/1312

  1. Download Ax-OS STIG documents — Get the Ver 1, Rel 2 STIG from DISA or public.cyber.mil.
  2. Verify Ax-OS version and CPE — Confirm the deployed Ax-OS version matches the STIG target.
  3. Inventory Ax-OS assets and roles — Record instances, owners, admin accounts, and integrations.
  4. Back up Ax-OS configuration files — Take full config and export backups before changes.
  5. Review STIG controls and checklist — Map STIG requirements to your Ax-OS deployment.
  6. Perform STIG compliance scan — Run available Ax-OS or third-party checks to find gaps.
  7. Apply critical security patches and updates — Patch Ax-OS and underlying components promptly.
  8. Harden default accounts and change default passwords — Remove or rename defaults; apply strong passwords.
  9. Configure role-based access control (RBAC) and least privilege — Define roles, limit admin privileges, and use separate accounts.
  10. Enable multi-factor authentication for administrative users — Require MFA for all high-privilege and remote admin access.
  11. Restrict network access to management interfaces — Limit management ports via firewall or ACL to authorized hosts.
  12. Configure centralized logging and log retention — Ensure Ax-OS logs are forwarded and retained per policy.
  13. Set up log forwarding to SIEM — Forward audit and system logs to your centralized SIEM.
  14. Set log retention and rotation policy — Define retention period and rotate logs securely.
  15. Enable audit and change tracking for configurations — Turn on configuration audit trails and record changes.
  16. Enforce secure communication (TLS) and certificate management — Use up-to-date TLS and manage certificates centrally.
  17. Verify NTP synchronization and secure time sources — Configure trusted NTP and ensure consistent timestamps.
  18. Document deviations, mitigations, and remediation plans — Record approved exceptions and planned remediation actions.
  19. Create a remediation action tracker and assign owners — Track findings, priorities, target dates, and responsible staff.
  20. Schedule periodic STIG reassessments and scans — Set recurring reviews to detect regressions and new issues.