Skip to content
Log In

Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords.

    If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must never be used in operational environments.
    Rule High Severity
    Show

  • SRG-OS-000120-GPOS-00061

    Group
    Show

  • Ubuntu 22.04 LTS must encrypt all stored passwords with a FIPS 140-3-approved cryptographic hashing algorithm.

    Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily c...
    Rule Medium Severity
    Show

  • SRG-OS-000375-GPOS-00160

    Group
    Show

  • SRG-OS-000376-GPOS-00161

    Group
    Show

  • Ubuntu 22.04 LTS must accept personal identity verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DOD has mandated the use of the common access card (CAC) to support identity management and ...
    Rule Medium Severity
    Show

  • SRG-OS-000105-GPOS-00052

    Group
    Show

  • SRG-OS-000377-GPOS-00162

    Group
    Show

  • SRG-OS-000066-GPOS-00034

    Group
    Show

  • SRG-OS-000384-GPOS-00167

    Group
    Show

  • Ubuntu 22.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network.

    Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
    Rule Medium Severity
    Show

  • SRG-OS-000068-GPOS-00036

    Group
    Show

  • Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.

    Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
    Rule High Severity
    Show

  • SRG-OS-000403-GPOS-00182

    Group
    Show

  • Ubuntu 22.04 LTS must use DOD PKI-established certificate authorities for verification of the establishment of protected sessions.

    Untrusted certificate authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DOD systems or by organizations with insufficient secur...
    Rule Medium Severity
    Show

  • SRG-OS-000383-GPOS-00166

    Group
    Show

  • SRG-OS-000445-GPOS-00199

    Group
    Show

  • SRG-OS-000445-GPOS-00199

    Group
    Show

  • Ubuntu 22.04 LTS must configure AIDE to perform file integrity checking on the file system.

    Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules