Skip to content
Log In

General Purpose Operating System Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner.

    Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configuratio...
    Rule Medium Severity
    Show

  • SRG-OS-000364

    Group
    Show

  • SRG-OS-000365

    Group
    Show

  • The operating system must audit the enforcement actions used to restrict access associated with changes to the system.

    Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available...
    Rule Medium Severity
    Show

  • SRG-OS-000366

    Group
    Show

  • SRG-OS-000368

    Group
    Show

  • The operating system must prevent program execution in accordance with local policies regarding software program usage and restrictions and/or rules authorizing the terms and conditions of software program usage.

    Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that runs counter to the mission or provides users wi...
    Rule Medium Severity
    Show

  • SRG-OS-000370

    Group
    Show

  • The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

    Utilizing a whitelist provides a configuration management method for allowing the execution of only authorized software. Using only authorized software decreases risk by limiting the number of pote...
    Rule Medium Severity
    Show

  • SRG-OS-000373

    Group
    Show

  • The operating system must require users to reauthenticate for privilege escalation.

    Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, ...
    Rule Medium Severity
    Show

  • SRG-OS-000373

    Group
    Show

  • SRG-OS-000373

    Group
    Show

  • The operating system must require users to reauthenticate when changing authenticators.

    Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change user authenticators, it is ...
    Rule Medium Severity
    Show

  • SRG-OS-000375

    Group
    Show

  • SRG-OS-000376

    Group
    Show

  • The operating system must accept Personal Identity Verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...
    Rule Medium Severity
    Show

  • SRG-OS-000377

    Group
    Show

  • The operating system must electronically verify Personal Identity Verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...
    Rule Medium Severity
    Show

  • SRG-OS-000378

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules