Skip to content
Log In

Dell OS10 Switch NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000001-NDM-000200

    Group
    Show

  • The Dell OS10 Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.

    Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administr...
    Rule Medium Severity
    Show

  • SRG-APP-000033-NDM-000212

    Group
    Show

  • SRG-APP-000038-NDM-000213

    Group
    Show

  • SRG-APP-000065-NDM-000214

    Group
    Show

  • SRG-APP-000068-NDM-000215

    Group
    Show

  • The Dell OS10 device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.

    Display of the DOD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executi...
    Rule Medium Severity
    Show

  • SRG-APP-000080-NDM-000220

    Group
    Show

  • SRG-APP-000092-NDM-000224

    Group
    Show

  • The Dell OS10 Switch must initiate session auditing upon startup.

    If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabl...
    Rule Medium Severity
    Show

  • SRG-APP-000131-NDM-000243

    Group
    Show

  • SRG-APP-000142-NDM-000245

    Group
    Show

  • SRG-APP-000142-NDM-000245

    Group
    Show

  • SRG-APP-000148-NDM-000346

    Group
    Show

  • The Dell OS10 Switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

    Authentication for administrative (privileged level) access to the device is always required. An account can be created on the device's local database for use when the authentication server is down...
    Rule Medium Severity
    Show

  • SRG-APP-000149-NDM-000247

    Group
    Show

  • SRG-APP-000156-NDM-000250

    Group
    Show

  • SRG-APP-000164-NDM-000252

    Group
    Show

  • The Dell OS10 Switch must enforce a minimum 15-character password length.

    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to d...
    Rule Medium Severity
    Show

  • SRG-APP-000166-NDM-000254

    Group
    Show

  • SRG-APP-000167-NDM-000255

    Group
    Show

  • SRG-APP-000168-NDM-000256

    Group
    Show

  • SRG-APP-000169-NDM-000257

    Group
    Show

  • The Dell OS10 Switch must enforce password complexity by requiring that at least one special character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000175-NDM-000262

    Group
    Show

  • The Dell OS10 Switch must be configured to use DOD-approved OCSP responders or CRLs to validate certificates used for PKI-based authentication.

    Once issued by a DOD certificate authority (CA), public key infrastructure (PKI) certificates are typically valid for three years or shorter within the DOD. However, there are many reasons a certif...
    Rule High Severity
    Show

  • SRG-APP-000177-NDM-000263

    Group
    Show

  • SRG-APP-000179-NDM-000265

    Group
    Show

  • SRG-APP-000190-NDM-000267

    Group
    Show

  • SRG-APP-000340-NDM-000288

    Group
    Show

  • SRG-APP-000360-NDM-000295

    Group
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • SRG-APP-000395-NDM-000347

    Group
    Show

  • SRG-APP-000400-NDM-000313

    Group
    Show

  • The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.

    Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be quest...
    Rule Medium Severity
    Show

  • SRG-APP-000411-NDM-000330

    Group
    Show

  • SRG-APP-000412-NDM-000331

    Group
    Show

  • The Dell OS10 Switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.

    This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instead of HTTP. If unsecured protocols (lacking cryp...
    Rule High Severity
    Show

  • SRG-APP-000435-NDM-000315

    Group
    Show

  • SRG-APP-000457-NDM-000352

    Group
    Show

  • The application must install security-relevant firmware updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

    Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any con...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000334

    Group
    Show

  • SRG-APP-000516-NDM-000335

    Group
    Show

  • The Dell OS10 Switch must enforce access restrictions associated with changes to the system components.

    Changes to the hardware or software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000344

    Group
    Show

  • The Dell OS10 Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

    For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure...
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000350

    Group
    Show

  • The Dell OS10 Switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

    The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can used to detect weaknesses in se...
    Rule High Severity
    Show

  • SRG-APP-000516-NDM-000351

    Group
    Show

  • The Dell OS10 Switch must be running an operating system release that is currently supported by Dell.

    Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilities.
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules