Skip to content
Log In

Dell OS10 Switch NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The application must install security-relevant firmware updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

    Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any con...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000334

    Group
    Show

  • SRG-APP-000516-NDM-000335

    Group
    Show

  • The Dell OS10 Switch must enforce access restrictions associated with changes to the system components.

    Changes to the hardware or software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000344

    Group
    Show

  • The Dell OS10 Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

    For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000350

    Group
    Show

  • The Dell OS10 Switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

    The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can used to detect weaknesses in se...
    Rule High Severity
    Show

  • SRG-APP-000516-NDM-000351

    Group
    Show

  • The Dell OS10 Switch must be running an operating system release that is currently supported by Dell.

    Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilities.
    Rule High Severity
    Show

  • SRG-APP-000845-NDM-000220

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • The Dell OS10 Switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.

    Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is particularly important protection against the insider threat. With ro...
    Rule High Severity
    Show

  • SRG-APP-000920-NDM-000320

    Group
    Show

  • The Dell OS10 Switch must be configured to assign appropriate user roles or access levels to authenticated users.

    Successful identification and authentication must not automatically give an entity full access to a network device or security domain. The lack of authorization-based access control could result in...
    Rule High Severity
    Show

  • The Dell OS10 Switch must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.

    A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If management information flow is not enforced based on approved autho...
    Rule Medium Severity
    Show

  • The Dell OS10 Switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.

    By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
    Rule Medium Severity
    Show

  • The Dell OS10 Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation.

    This requirement supports nonrepudiation of actions taken by an administrator and is required to maintain the integrity of the configuration management process. All configuration changes to the net...
    Rule Medium Severity
    Show

  • The Dell OS10 Switch must prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

    Changes to any software components can have significant effects on the overall security of the network device. Verifying software components have been digitally signed using a certificate that is r...
    Rule Medium Severity
    Show

  • The Dell OS10 Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.

    To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused o...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules