Skip to content
Log In

General Purpose Operating System Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The operating system must generate audit records for all direct access to the information system.

    Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
    Rule Medium Severity
    Show

  • SRG-OS-000476

    Group
    Show

  • The operating system must generate audit records for all account creations, modifications, disabling, and termination events.

    Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
    Rule Medium Severity
    Show

  • SRG-OS-000477

    Group
    Show

  • SRG-OS-000478

    Group
    Show

  • SRG-OS-000479

    Group
    Show

  • The operating system must, at a minimum, off-load audit data from interconnected systems in real time and off-load audit data from standalone systems weekly.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The operating system must prevent the use of dictionary words for passwords.

    If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses an...
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • SRG-OS-000480

    Group
    Show

  • SRG-OS-000480

    Group
    Show

  • The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

    Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The operating system must not allow an unattended or automatic logon to the system.

    Failure to restrict system access to authenticated users negatively impacts operating system security.
    Rule High Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The operating system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.

    Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.
    Rule Medium Severity
    Show

  • SRG-OS-000480

    Group
    Show

  • The operating system must enable an application firewall, if available.

    Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.
    Rule Medium Severity
    Show

  • SRG-OS-000481

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules