HYCU Protege Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The HYCU virtual appliance must enforce password complexity by requiring that at least one uppercase character be used.
Use of complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...
Rule, Medium Severity
The HYCU virtual appliance must enforce password complexity by requiring that at least one numeric character be used.
Use of complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...
Rule, Medium Severity
The HYCU virtual appliance must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at ...
Rule, Medium Severity
The HYCU virtual appliance must use FIPS 140-2-approved algorithms for authentication to a cryptographic module.
Unapproved mechanisms that are used for authentication to the cryptographic module are not validated and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be...
Rule, High Severity
The HYCU virtual appliance must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied on to provide confidentiality or integrity, and DOD data may be co...
Rule, High Severity
The HYCU virtual appliance must audit the enforcement actions used to restrict access associated with changes to the device.
Without auditing the enforcement of access restrictions against changes to the device configuration, it will be difficult to identify attempted attacks, and an audit trail will not be available for...
Rule, Medium Severity
The HYCU virtual appliance must prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.
Changes to any software components can have significant effects on the overall security of the network device. Verifying software components have been digitally signed using a certificate that is r...
Rule, Medium Severity
The HYCU virtual appliance must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Security flaws with software are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any con...
Rule, Medium Severity
The HYCU virtual appliance must generate unique session identifiers using a FIPS 140-2 approved random number generator.
Sequentially generated session IDs can be easily guessed by an attacker. Employing the concept of randomness in the generation of unique session identifiers helps to protect against brute-force att...
Rule, Medium Severity
The HYCU virtual appliance must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can be used to detect weaknesses in se...
Rule, High Severity