General Purpose Operating System Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000329
Group -
The operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur.
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the a...Rule Medium Severity -
SRG-OS-000337
Group -
SRG-OS-000341
Group -
SRG-OS-000342
Group -
The operating system must offload audit records onto a different system or media from the system being audited.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.Rule Low Severity -
SRG-OS-000343
Group -
The operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capacity expansion.Rule Low Severity -
SRG-OS-000344
Group -
SRG-OS-000348
Group -
The operating system must provide an audit reduction capability that supports on-demand audit review and analysis.
The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident...Rule Low Severity -
SRG-OS-000349
Group -
SRG-OS-000350
Group -
SRG-OS-000351
Group -
SRG-OS-000352
Group -
The operating system must provide a report generation capability that supports after-the-fact investigations of security incidents.
If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack or identify...Rule Low Severity -
SRG-OS-000353
Group -
SRG-OS-000354
Group -
The operating system must not alter original content or time ordering of audit records when it provides a report generation capability.
If the report generation capability alters the content or time ordering of audit records, the integrity of the audit records is compromised, and the records are no longer usable for forensic analys...Rule Medium Severity -
SRG-OS-000355
Group -
SRG-OS-000356
Group -
The operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...Rule Medium Severity -
SRG-OS-000358
Group -
The operating system must record time stamps for audit records that meet a minimum granularity of one second for a minimum degree of precision.
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the operating system include date and time. G...Rule Medium Severity -
SRG-OS-000359
Group -
The operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the operating system include date and time...Rule Low Severity -
SRG-OS-000360
Group -
The operating system must enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process.
An authorized user may intentionally or accidentally move or delete audit records without those specific actions being authorized. All bulk manipulation of audit information must be authorized via...Rule Medium Severity -
SRG-OS-000362
Group -
SRG-OS-000363
Group -
The operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner.
Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configuratio...Rule Medium Severity -
SRG-OS-000364
Group -
SRG-OS-000365
Group -
The operating system must audit the enforcement actions used to restrict access associated with changes to the system.
Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available...Rule Medium Severity -
SRG-OS-000366
Group -
SRG-OS-000368
Group -
The operating system must prevent program execution in accordance with local policies regarding software program usage and restrictions and/or rules authorizing the terms and conditions of software program usage.
Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that runs counter to the mission or provides users wi...Rule Medium Severity -
SRG-OS-000370
Group -
The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
Utilizing a whitelist provides a configuration management method for allowing the execution of only authorized software. Using only authorized software decreases risk by limiting the number of pote...Rule Medium Severity -
SRG-OS-000373
Group -
The operating system must require users to reauthenticate for privilege escalation.
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, ...Rule Medium Severity -
SRG-OS-000373
Group -
SRG-OS-000373
Group -
The operating system must require users to reauthenticate when changing authenticators.
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change user authenticators, it is ...Rule Medium Severity -
SRG-OS-000375
Group -
SRG-OS-000376
Group -
The operating system must accept Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...Rule Medium Severity -
SRG-OS-000377
Group -
The operating system must electronically verify Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...Rule Medium Severity -
SRG-OS-000378
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.