Virtual Machine Manager Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000479

    Group
  • The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in VMMs with limited audit storage capacity.
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • The VMM must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

    Configuring the VMM to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across...
    Rule Medium Severity
  • SRG-OS-000481

    Group
  • SRG-OS-000590

    Group
  • The VMM must disable accounts when the accounts are no longer associated to a user.

    Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.
    Rule Medium Severity
  • SRG-OS-000690

    Group
  • The VMM must prohibit the use or connection of unauthorized hardware components.

    Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlli...
    Rule Medium Severity
  • SRG-OS-000705

    Group
  • The VMM must implement multifactor authentication for local, network, and/or remote access to privileged accounts and/or nonprivileged accounts such that the device meets organization-defined strength of mechanism requirements.

    The purpose of requiring a device separate from the system to which the user is attempting to gain access for one of the factors during multifactor authentication is to reduce the likelihood of com...
    Rule Medium Severity
  • SRG-OS-000710

    Group
  • The VMM must, for password-based authentication, verify when users create or update passwords that the passwords are not found on the list of commonly used, expected, or compromised passwords in IA-5 (1) (a).

    Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass...
    Rule Medium Severity
  • SRG-OS-000720

    Group
  • SRG-OS-000725

    Group
  • The VMM must, for password-based authentication, allow user selection of long passwords and passphrases, including spaces and all printable characters.

    Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass...
    Rule Medium Severity
  • SRG-OS-000730

    Group
  • The VMM must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.

    Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass...
    Rule Medium Severity
  • SRG-OS-000745

    Group
  • The VMM must accept only external credentials that are NIST-compliant.

    Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by n...
    Rule Medium Severity
  • SRG-OS-000755

    Group
  • SRG-OS-000775

    Group
  • The VMM must include only approved trust anchors in trust stores or certificate stores managed by the organization.

    Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the internal operations of systems, such as application-...
    Rule Medium Severity
  • SRG-OS-000780

    Group
  • The VMM must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.

    A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.
    Rule Medium Severity
  • SRG-OS-000785

    Group
  • The VMM must automatically disable local accounts after a 35-day period of account inactivity.

    Attackers that are able to exploit an inactive account can potentially obtain and maintain undetected access to an application. Owners of inactive accounts will not notice if unauthorized access to...
    Rule Medium Severity
  • The VMM must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

    The banner must be acknowledged by the user prior to allowing the user access to the VMM. This provides assurance that the user has seen the message and accepted the conditions for access. If the c...
    Rule Medium Severity
  • The VMM must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

    A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the VMM but does not log out because of the temporary nature of the...
    Rule Medium Severity
  • The VMM must produce audit records containing information to establish where the events occurred.

    Without establishing where events occurred, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment a...
    Rule Medium Severity
  • The VMM must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.

    Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. Organizations should consider limiting the additional audit information t...
    Rule Medium Severity
  • The VMM must support the capability to centrally review and analyze audit records from multiple components within the system.

    Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a proficie...
    Rule Medium Severity
  • The VMM must protect audit information from unauthorized deletion.

    If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audi...
    Rule Medium Severity
  • The VMM, for PKI-based authentication, must enforce authorized access to the corresponding private key.

    If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key us...
    Rule Medium Severity
  • The VMM must require the change of at least eight of the total number of characters when passwords are changed.

    If the VMM allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing...
    Rule Medium Severity
  • The VMM must enforce a minimum 15-character password length.

    The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectivene...
    Rule Medium Severity
  • The VMM must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

    In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...
    Rule Medium Severity
  • The VMM must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users).

    To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational use...
    Rule Medium Severity
  • The VMM must use multifactor authentication for network access to non-privileged accounts.

    To assure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor aut...
    Rule Medium Severity
  • The VMM must use multifactor authentication for local access to nonprivileged accounts.

    To assure accountability, prevent unauthenticated access, and prevent misuse of the system, privileged users must utilize multifactor authentication for local access. Multifactor authentication ...
    Rule Medium Severity
  • The VMM must disable local account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

    Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts...
    Rule Medium Severity
  • The VMM must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.

    If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the system. The act of managing systems and applications includes the ability to...
    Rule Medium Severity
  • The VMM must isolate security functions from non-security functions.

    An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, an...
    Rule Medium Severity
  • The VMM must prevent unauthorized and unintended information transfer via shared system resources.

    Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of...
    Rule Medium Severity
  • The VMM must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.

    Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...
    Rule Medium Severity
  • The VMM must protect the confidentiality and integrity of all information at rest.

    Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within a VMM. This requirement addr...
    Rule Medium Severity
  • The VMM must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

    Any VMM providing too much information in error messages risks compromising the data and security of the structure, and content of error messages needs to be carefully considered by the organizatio...
    Rule Medium Severity
  • The VMM must automatically audit account modification.

    Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to modify an exis...
    Rule Medium Severity
  • All guest VM network communications must be implemented through use of virtual network devices provisioned by the VMM.

    Mechanisms to detect and prevent unauthorized communication flow must be configured or provided as part of the VMM design. If information flow control is not enforced based on proper functioning of...
    Rule Medium Severity
  • The VMM must implement cryptography to protect the integrity of remote access sessions.

    Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DoD nonpublic VMMs by an authorized user (or...
    Rule Medium Severity