Application Server Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The application server must generate log records for all account creations, modifications, disabling, and termination events.
The maintenance of user accounts is a key activity within the system to determine access and privileges. Through changes to accounts, an attacker can create an account for persistent access, modif...Rule Medium Severity -
The application server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can tr...Rule Medium Severity -
The application server must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to pr...Rule Medium Severity -
The application server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit log...Rule Medium Severity -
The application server must protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.
Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Communications paths can be logically separated using enc...Rule Medium Severity -
The application server must synchronize system clocks within and between systems or system components.
Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.