General Purpose Operating System Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000471
Group -
SRG-OS-000471
Group -
The audit system must be configured to audit the loading and unloading of dynamic kernel modules.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000472
Group -
The operating system must generate audit records showing starting and ending time for user access to the system.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000473
Group -
The operating system must generate audit records when concurrent logons to the same account occur from different sources.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000474
Group -
The operating system must generate audit records when successful/unsuccessful accesses to objects occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000475
Group -
The operating system must generate audit records for all direct access to the information system.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000476
Group -
The operating system must generate audit records for all account creations, modifications, disabling, and termination events.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000477
Group -
SRG-OS-000478
Group -
SRG-OS-000479
Group -
The operating system must, at a minimum, off-load audit data from interconnected systems in real time and off-load audit data from standalone systems weekly.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.Rule Medium Severity -
SRG-OS-000480
Group -
The operating system must prevent the use of dictionary words for passwords.
If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses an...Rule Medium Severity -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.Rule Medium Severity -
SRG-OS-000480
Group -
The operating system must not allow an unattended or automatic logon to the system.
Failure to restrict system access to authenticated users negatively impacts operating system security.Rule High Severity -
SRG-OS-000480
Group -
The operating system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.
Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.Rule Medium Severity -
SRG-OS-000480
Group -
The operating system must enable an application firewall, if available.
Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.Rule Medium Severity -
SRG-OS-000481
Group -
SRG-OS-000439
Group -
The operating system must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Security flaws with operating systems are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (includin...Rule Medium Severity -
SRG-OS-000590
Group -
SRG-OS-000690
Group -
SRG-OS-000705
Group -
SRG-OS-000710
Group -
SRG-OS-000720
Group -
SRG-OS-000725
Group -
SRG-OS-000730
Group -
The operating system must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.
Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass...Rule Medium Severity -
SRG-OS-000745
Group -
SRG-OS-000755
Group -
The operating system must monitor the use of maintenance tools that execute with increased privilege.
Maintenance tools that execute with increased system privilege can result in unauthorized access to organizational information and assets that would otherwise be inaccessible.Rule Medium Severity -
SRG-OS-000775
Group -
The operating system must include only approved trust anchors in trust stores or certificate stores managed by the organization.
Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the internal operations of systems, such as application-...Rule Medium Severity -
SRG-OS-000780
Group -
SRG-OS-000785
Group -
The operating system must provide automated mechanisms for supporting account management functions.
Enterprise environments make account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other errors. A comprehensive a...Rule Medium Severity -
The operating system must audit all account creations.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create an acco...Rule Medium Severity -
The operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system.
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.