General Purpose Operating System Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000185
Group -
The operating system must protect the confidentiality and integrity of all information at rest.
Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This re...Rule Medium Severity -
SRG-OS-000205
Group -
SRG-OS-000206
Group -
The operating system must reveal error messages only to authorized users.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or pla...Rule Medium Severity -
SRG-OS-000228
Group -
SRG-OS-000239
Group -
SRG-OS-000240
Group -
SRG-OS-000241
Group -
The operating system must audit all account removal actions.
When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the operating system processes themselves. In o...Rule Medium Severity -
SRG-OS-000250
Group -
The operating system must implement cryptography to protect the integrity of remote access sessions.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DoD nonpublic information systems by an auth...Rule High Severity -
SRG-OS-000254
Group -
The operating system must initiate session audits at system start-up.
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enab...Rule Medium Severity -
SRG-OS-000255
Group -
SRG-OS-000256
Group -
SRG-OS-000257
Group -
SRG-OS-000258
Group -
The operating system must protect audit tools from unauthorized deletion.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...Rule Medium Severity -
SRG-OS-000259
Group -
The operating system must limit privileges to change software resident within software libraries.
If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part...Rule Medium Severity -
SRG-OS-000266
Group -
The operating system must enforce password complexity by requiring that at least one special character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting ...Rule Medium Severity -
SRG-OS-000269
Group -
SRG-OS-000274
Group -
SRG-OS-000275
Group -
SRG-OS-000276
Group -
SRG-OS-000277
Group -
SRG-OS-000278
Group -
SRG-OS-000279
Group -
SRG-OS-000280
Group -
SRG-OS-000281
Group -
The operating system must display an explicit logoff message to users indicating the reliable termination of authenticated communications sessions.
If a user cannot explicitly end an operating system session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Users need to be aware of whether ...Rule Medium Severity -
SRG-OS-000297
Group -
SRG-OS-000298
Group -
The operating system must provide the capability to immediately disconnect or disable remote access to the operating system.
Without the ability to immediately disconnect or disable remote access, an attack or other compromise taking place would not be immediately stopped. Operating system remote access functionality mu...Rule Medium Severity -
SRG-OS-000299
Group -
SRG-OS-000300
Group -
The operating system must protect wireless access to the system using authentication of users and/or devices.
Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Wireless technologies include, for example, mi...Rule Medium Severity -
SRG-OS-000303
Group -
The operating system must audit all account enabling actions.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to enable a new ...Rule Medium Severity -
SRG-OS-000304
Group -
SRG-OS-000312
Group -
SRG-OS-000312
Group -
SRG-OS-000312
Group -
The operating system must allow operating system admins to change security attributes on users, the operating system, or the operating systems components.
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which...Rule Medium Severity -
SRG-OS-000324
Group -
SRG-OS-000326
Group -
The operating system must prevent all software from executing at higher privilege levels than users executing the software.
In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level...Rule Medium Severity -
SRG-OS-000327
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.