Skip to content
Log In

Mainframe Product Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000167

    Group
    Show

  • SRG-APP-000168

    Group
    Show

  • The Mainframe Product must enforce password complexity by requiring that at least one numeric character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000169

    Group
    Show

  • SRG-APP-000170

    Group
    Show

  • The Mainframe Product must require the change of at least eight of the total number of characters when passwords are changed.

    If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at ...
    Rule Medium Severity
    Show

  • SRG-APP-000171

    Group
    Show

  • The Mainframe Product must store only cryptographically protected passwords.

    Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily co...
    Rule Medium Severity
    Show

  • SRG-APP-000172

    Group
    Show

  • SRG-APP-000173

    Group
    Show

  • SRG-APP-000174

    Group
    Show

  • SRG-APP-000175

    Group
    Show

  • SRG-APP-000176

    Group
    Show

  • The Mainframe Product, when using PKI-based authentication, must enforce authorized access to the corresponding private key.

    If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key use...
    Rule Medium Severity
    Show

  • SRG-APP-000177

    Group
    Show

  • The Mainframe Product must map the authenticated identity to the individual user or group account for PKI-based authentication.

    Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
    Rule Medium Severity
    Show

  • SRG-APP-000178

    Group
    Show

  • SRG-APP-000179

    Group
    Show

  • SRG-APP-000180

    Group
    Show

  • The Mainframe Product must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

    Lack of authentication and identification enables non-organizational users to gain access to the application or possibly other information systems and provides an opportunity for intruders to compr...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules