General Purpose Operating System Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The operating system must generate audit records when successful/unsuccessful attempts to delete security objects occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The operating system must generate audit records for privileged activities or other system-level access.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The operating system must generate audit records for all kernel module load, unload, and restart actions, and also for all program initiations.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher stand...Rule High Severity -
The operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.Rule Medium Severity -
The operating system must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...Rule Medium Severity -
The operating system must protect the confidentiality and integrity of communications with wireless peripherals.
Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or u...Rule High Severity -
The operating system must disable accounts when the accounts are no longer associated to a user.
Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.Rule Medium Severity -
The operating system must prohibit the use or connection of unauthorized hardware components.
Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlli...Rule Medium Severity -
The operating system must implement multifactor authentication for local, network, and/or remote access to privileged accounts and/or nonprivileged accounts such that the device meets organization-defined strength of mechanism requirements.
The purpose of requiring a device separate from the system to which the user is attempting to gain access for one of the factors during multifactor authentication is to reduce the likelihood of com...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.