Skip to content
Log In

Virtual Machine Manager Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000266

    Group
    Show

  • The VMM must enforce password complexity by requiring that at least one special character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting ...
    Rule Medium Severity
    Show

  • SRG-OS-000269

    Group
    Show

  • In the event of a system failure, the VMM must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

    Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, ...
    Rule Medium Severity
    Show

  • SRG-OS-000274

    Group
    Show

  • The VMM must notify system administrators (SAs) and information system security officers (ISSOs) when accounts are created.

    Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply...
    Rule Medium Severity
    Show

  • SRG-OS-000275

    Group
    Show

  • SRG-OS-000276

    Group
    Show

  • The VMM must notify the system administrator (SA) and information system security officer (ISSO) when accounts are disabled.

    When VMM accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual VMM users or for identifying the VMM processes themselves. Sending notification of a...
    Rule Medium Severity
    Show

  • SRG-OS-000277

    Group
    Show

  • SRG-OS-000278

    Group
    Show

  • The VMM must use cryptographic mechanisms to protect the integrity of audit tools.

    Protecting the integrity of the tools used for auditing purposes is a critical step towards ensuring the integrity of audit data. Audit data includes all information (e.g., audit records, audit set...
    Rule Medium Severity
    Show

  • SRG-OS-000279

    Group
    Show

  • SRG-OS-000280

    Group
    Show

  • VMMs requiring user access authentication must provide a logout capability for user-initiated communications sessions.

    If a user cannot explicitly end a VMM session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Information resources to which users gain acces...
    Rule Medium Severity
    Show

  • SRG-OS-000281

    Group
    Show

  • The VMM must display an explicit logout message to users indicating the reliable termination of authenticated communications sessions.

    If a user cannot explicitly end a VMM session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Users need to be aware of whether or not the se...
    Rule Medium Severity
    Show

  • SRG-OS-000297

    Group
    Show

  • The VMM must control remote access methods.

    Remote access services, such as those providing remote access to network devices and VMMs, which lack automated control capabilities, increase risk and make remote user access management difficult ...
    Rule Medium Severity
    Show

  • SRG-OS-000298

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules