Skip to content
ATO Pathways
  Log In

CCI-000368

Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.

Logo
29

Rule

Severity: Medium
Disable GSSAPI Authentication
Logo
29

Rule

Severity: Medium
Disable Kerberos Authentication
Logo
16

Rule

Severity: Medium
Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
Logo
11

Rule

Severity: Medium
Ensure No Device Files are Unlabeled by SELinux
Logo
15

Rule

Severity: High
Uninstall tftp-server Package
Logo
2

Rule

Severity: Medium
CA-ACF2 RULEOPTS GSO record values must be set to the values specified.
Logo
2

Rule

Severity: Low
ACF2 APPLDEF GSO record if used must have supporting documentation indicating the reason it was used.
Logo
2

Rule

Severity: Medium
ACF2 SECVOLS GSO record value must be set to VOLMASK(). Any local changes are justified and documented with the ISSO.
Logo
2

Rule

Severity: Medium
ACF2 RESVOLS GSO record value must be set to Volmask(-). Any other setting requires documentation justifying the change.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed.
Logo
1

Rule

Severity: High
The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules