Dell OS10 Switch NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Dell OS10 Switch must be configured to disable the Bash shell.
To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused o...Rule High Severity -
The Dell OS10 Switch must be configured to use DOD PKI as multifactor authentication (MFA) for interactive logins.
MFA is when two or more factors are used to confirm the identity of an individual who is requesting access to digital information resources. Valid factors include something the individual knows (e....Rule High Severity -
The Dell OS10 Switch must implement replay-resistant authentication mechanisms for network access to privileged accounts.
A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be ...Rule Medium Severity -
The Dell OS10 Switch must enforce password complexity by requiring that at least one uppercase character be used.
Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...Rule Medium Severity -
The Dell OS10 Switch must enforce password complexity by requiring that at least one lowercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
The Dell OS10 Switch must enforce password complexity by requiring that at least one numeric character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
The Dell OS10 Switch, for PKI-based authentication, must be configured to map validated certificates to unique user accounts.
Without mapping the PKI certificate to a unique user account, the ability to determine the identities of individuals or the status of their nonrepudiation is considerably impacted during forensic a...Rule High Severity -
The Dell OS10 Switch must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.
Unapproved mechanisms that are used for authentication to the cryptographic module are not validated and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be...Rule High Severity -
The Dell OS10 Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...Rule High Severity -
The Dell OS10 Switch must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Privileg...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.