Skip to content
Log In

General Purpose Operating System Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000001

    Group
    Show

  • SRG-OS-000002

    Group
    Show

  • The operating system must automatically remove or disable temporary user accounts after 72 hours.

    If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of al...
    Rule Medium Severity
    Show

  • SRG-OS-000004

    Group
    Show

  • SRG-OS-000021

    Group
    Show

  • The operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

    By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking...
    Rule Medium Severity
    Show

  • SRG-OS-000023

    Group
    Show

  • SRG-OS-000024

    Group
    Show

  • The operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access.

    The banner must be acknowledged by the user prior to allowing the user access to the operating system. This provides assurance that the user has seen the message and accepted the conditions for acc...
    Rule Medium Severity
    Show

  • SRG-OS-000027

    Group
    Show

  • SRG-OS-000028

    Group
    Show

  • SRG-OS-000029

    Group
    Show

  • The operating system must initiate a session lock after a 15-minute period of inactivity for all connection types.

    A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporar...
    Rule Medium Severity
    Show

  • SRG-OS-000030

    Group
    Show

  • The operating system must provide the capability for users to directly initiate a session lock for all connection types.

    A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary...
    Rule Medium Severity
    Show

  • SRG-OS-000031

    Group
    Show

  • The operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

    A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature ...
    Rule Medium Severity
    Show

  • SRG-OS-000032

    Group
    Show

  • SRG-OS-000033

    Group
    Show

  • The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.

    Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information s...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules