Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Rule (Low Severity): The application must have a process, feature or function that prevents removal or disabling of emergency accounts.
Emergency accounts are administrator accounts which are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation...
Group: SRG-APP-000025
Rule (Low Severity): The application must automatically disable accounts after a 35 day period of account inactivity.
Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to...
Group: SRG-APP-000025
Group: SRG-APP-000026
Group: SRG-APP-000027
Group: SRG-APP-000028
Rule (Medium Severity): The application must automatically audit account disabling actions.
When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. I...
Group: SRG-APP-000029
Group: SRG-APP-000291
Group: SRG-APP-000292
Group: SRG-APP-000293
Rule (Low Severity): The application must notify system administrators (SAs) and information system security officers (ISSOs) of account disabling actions.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply create...
Group: SRG-APP-000294
Group: SRG-APP-000319
Group: SRG-APP-000320
Rule (Low Severity): The application must notify system administrators (SAs) and information system security officers (ISSOs) of account enabling actions.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to enable an acc...
Group: SRG-APP-000323
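The account-lifecycle rules above (protecting emergency accounts from removal or disabling, disabling accounts after 35 days of inactivity, auditing account disabling, and notifying SAs and ISSOs of disabling and enabling actions) are usually implemented together as one scheduled sweep plus an audited account-state API. The following is an added example written for this page; it is not DISA or STIG code and not taken from any application. The in-memory AccountStore, the account names, the timestamps, the "inactivity-sweep" actor and the SA/ISSO role names as notification targets are all assumptions made for the example; a real application would back them with its user database, audit log and notification channel.

```python
"""Added example (not DISA or STIG code): an account-lifecycle sweep that
implements several of the rules listed above in one runnable unit.

  - accounts idle for 35 days or more are disabled automatically
  - emergency accounts can be neither disabled nor removed; the refused
    attempt is itself recorded
  - every disable/enable/remove action (and every refusal) produces an
    audit record plus a notification addressed to the SA and ISSO roles

Account names, timestamps and the in-memory store are constructed here.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

INACTIVITY_LIMIT = timedelta(days=35)  # threshold stated in the rule text
NOTIFY_ROLES = ("SA", "ISSO")          # recipient roles named in the rule text


@dataclass
class Account:
    name: str
    last_login: datetime
    enabled: bool = True
    emergency: bool = False  # protected from automatic and manual disable/removal


@dataclass
class AccountStore:
    accounts: dict[str, Account] = field(default_factory=dict)
    audit_log: list[dict] = field(default_factory=list)
    notifications: list[dict] = field(default_factory=list)

    def _record(self, action: str, account: str, actor: str, reason: str, now: datetime) -> None:
        """Write one audit record and fan the same event out to SA and ISSO."""
        event = {"ts": now.isoformat(), "action": action, "account": account,
                 "actor": actor, "reason": reason}
        self.audit_log.append(event)
        for role in NOTIFY_ROLES:
            self.notifications.append({"to": role, **event})

    def disable(self, name: str, actor: str, reason: str, now: datetime) -> bool:
        acct = self.accounts[name]
        if acct.emergency:  # rule: emergency accounts cannot be disabled
            self._record("disable-refused", name, actor, "emergency account", now)
            return False
        if not acct.enabled:
            return False  # already disabled: no state change, nothing to audit
        acct.enabled = False
        self._record("disable", name, actor, reason, now)
        return True

    def enable(self, name: str, actor: str, reason: str, now: datetime) -> bool:
        acct = self.accounts[name]
        if acct.enabled:
            return False
        acct.enabled = True
        self._record("enable", name, actor, reason, now)
        return True

    def remove(self, name: str, actor: str, reason: str, now: datetime) -> bool:
        acct = self.accounts[name]
        if acct.emergency:  # rule: emergency accounts cannot be removed
            self._record("remove-refused", name, actor, "emergency account", now)
            return False
        del self.accounts[name]
        self._record("remove", name, actor, reason, now)
        return True


def sweep_inactive(store: AccountStore, now: datetime) -> list[str]:
    """Disable every enabled account whose last login is 35 or more days ago.

    Emergency accounts go through disable() like any other so the refusal is
    audited; the return value lists only the accounts actually disabled.
    """
    disabled = []
    for acct in list(store.accounts.values()):
        if acct.enabled and now - acct.last_login >= INACTIVITY_LIMIT:
            if store.disable(acct.name, "inactivity-sweep", "no login for 35+ days", now):
                disabled.append(acct.name)
    return disabled


def demo() -> dict:
    """Run the sweep and two manual actions over constructed sample accounts."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time
    store = AccountStore()
    for name, idle_days, kwargs in [
        ("alice", 40, {}),                          # idle > 35 days: disabled
        ("bob", 10, {}),                            # active: untouched
        ("carol", 35, {}),                          # exactly 35 days: disabled
        ("dave", 34, {}),                           # one day short: untouched
        ("break-glass", 200, {"emergency": True}),  # long idle but protected
        ("erin", 90, {"enabled": False}),           # already disabled: no new event
    ]:
        store.accounts[name] = Account(name, now - timedelta(days=idle_days), **kwargs)

    disabled = sweep_inactive(store, now)
    removed = store.remove("break-glass", "admin", "cleanup", now)    # refused, audited
    reenabled = store.enable("alice", "admin", "user returned", now)  # audited, notified
    return {
        "disabled": disabled,
        "removed_emergency": removed,
        "reenabled_alice": reenabled,
        "enabled_now": sorted(n for n, a in store.accounts.items() if a.enabled),
        "audit_actions": [e["action"] for e in store.audit_log],
        "notification_count": len(store.notifications),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the module disables alice and carol (carol sits exactly on the 35-day boundary, which the rule text treats as inactive), leaves dave one day short, refuses both the sweep's disable and the manual removal of the emergency account while still recording those refusals, and emits one audit record and two notifications (SA and ISSO) per event. Keeping refused attempts in the audit trail is deliberate: an attacker probing for a way to silence the emergency account is exactly what the notifying rules are meant to surface.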
Rule (Medium Severity): Application data protection requirements must be identified and documented.
Failure to protect organizational information from data mining may result in a compromise of information. In order to assign the appropriate data protections, application data must be identified an...
Group: SRG-APP-000324