Dell OS10 Switch NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Dell OS10 Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impe...Rule Medium Severity -
The Dell OS10 Switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the...Rule Medium Severity -
The Dell OS10 Switch must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.
If NTP is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps i...Rule Medium Severity -
The Dell OS10 Switch must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be ...Rule High Severity -
The Dell OS10 Switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This require...Rule Medium Severity -
The Dell OS10 Switch must generate log records for a locally developed list of auditable events.
Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource usage or capacity thres...Rule Medium Severity -
The Dell OS10 Switch must not have any default manufacturer passwords when deployed.
Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass...Rule Medium Severity -
The Dell OS10 Switch must be configured to synchronize internal information system clocks using redundant authoritative time sources.
The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run mode) and increasingly inaccurate time stamps on audit events and other ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.