Virtual Machine Manager Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The VMM must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
It is critical for the appropriate personnel to be aware if a VMM is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impendi...Rule Medium Severity -
The VMM must provide a report generation capability that supports after-the-fact investigations of security incidents.
If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack or identify...Rule Medium Severity -
The VMM must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the VMM include date and time. Granularity o...Rule Medium Severity -
The VMM must enforce access restrictions associated with changes to the system.
Failure to provide logical access restrictions associated with changes to system configuration may have significant effects on the overall security of the system. When dealing with access restric...Rule Medium Severity -
The VMM must prevent inappropriate use of redundant guest VMs.
Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some VMMs may provide a capability that runs counter to the mission or provides users with functional...Rule Medium Severity -
The VMM must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
Using an authentication device, such as a CAC or token that is separate from the VMM, ensures that even if the VMM is compromised, that compromise will not affect credentials stored on the authenti...Rule Medium Severity -
The VMM must accept Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...Rule Medium Severity -
The VMM must electronically verify Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...Rule Medium Severity -
The VMM must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the...Rule Medium Severity -
The VMM must request data origin authentication verification on the name/address resolution responses the system receives from authoritative sources.
If data origin authentication and data integrity verification is not performed, the resultant response could be forged, it may have come from a poisoned cache, the packets could have been intercept...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.