Virtual Machine Manager Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The VMM must protect audit tools from unauthorized modification.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au... (Rule, Medium Severity)
The VMM must protect audit tools from unauthorized deletion.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au... (Rule, Medium Severity)
The VMM must notify the system administrator (SA) and information system security officer (ISSO) when accounts are modified.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply modify ... (Rule, Medium Severity)
The VMM must notify the system administrator (SA) and information system security officer (ISSO) when accounts are removed.
When VMM accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual VMM users or for identifying the VMM processes themselves. Sending notification of ac... (Rule, Medium Severity)
The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.
Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.... (Rule, Medium Severity)
The VMM must protect wireless access to the system using encryption.
Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepte... (Rule, Medium Severity)
The VMM must notify the system administrator (SA) and information system security officer (ISSO) of account enabling actions.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply enable ... (Rule, Medium Severity)
The VMM must implement discretionary access controls to allow VMM admins to grant their privileges to other VMM admins.
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which... (Rule, Medium Severity)
The VMM must audit the execution of privileged functions.
Misuse of privileged functions, either intentionally or unintentionally, by authorized users, or by unauthorized external entities that have compromised VMM accounts, is a serious and ongoing conc... (Rule, Medium Severity)
The VMM must provide the capability for assigned IMOs/ISSOs or designated SAs to change the auditing to be performed on all VMM components, based on all selectable event criteria in near real time.
If authorized individuals do not have the ability to modify auditing parameters in response to a changing threat environment, the organization may not be able to effectively respond, and important ... (Rule, Medium Severity)
The VMM must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
It is critical for the appropriate personnel to be aware if a VMM is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impendi... (Rule, Medium Severity)
The VMM must provide a report generation capability that supports after-the-fact investigations of security incidents.
If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack or identify... (Rule, Medium Severity)
The VMM must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the VMM include date and time. Granularity o... (Rule, Medium Severity)
The VMM must enforce access restrictions associated with changes to the system.
Failure to provide logical access restrictions associated with changes to system configuration may have significant effects on the overall security of the system. When dealing with access restric... (Rule, Medium Severity)
The VMM must prevent inappropriate use of redundant guest VMs.
Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some VMMs may provide a capability that runs counter to the mission or provides users with functional... (Rule, Medium Severity)
The VMM must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
Using an authentication device, such as a CAC or token that is separate from the VMM, ensures that even if the VMM is compromised, that compromise will not affect credentials stored on the authenti... (Rule, Medium Severity)
The VMM must accept Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f... (Rule, Medium Severity)
The VMM must electronically verify Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f... (Rule, Medium Severity)
The VMM must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the... (Rule, Medium Severity)
The VMM must request data origin authentication verification on the name/address resolution responses the system receives from authoritative sources.
If data origin authentication and data integrity verification is not performed, the resultant response could be forged, it may have come from a poisoned cache, the packets could have been intercept... (Rule, Medium Severity)
The VMM must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
Untrusted Certificate Authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DoD systems or by organizations with insufficient secur... (Rule, Medium Severity)
The VMM must maintain a separate execution domain for each guest VM.
VMMs can maintain separate execution domains for each executing guest VM by assigning each guest VM a separate address space. Each VMM guest VM has a distinct address space so that communication be... (Rule, Medium Severity)
The VMM must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring the VMM is implementing rate-limiting measures on impacted network interfaces.
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This require... (Rule, Medium Severity)
The VMM must maintain the confidentiality and integrity of information during preparation for transmission.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for example, during aggregation, at protocol transformation points, and during pa... (Rule, Medium Severity)
The VMM must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
A common vulnerability of VMM is unpredictable behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where VMM r... (Rule, Medium Severity)
The VMM must implement address space layout randomization to protect its memory from unauthorized code execution.
Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Data execution prevention safeguards can either be ... (Rule, Medium Severity)
The VMM must perform verification of the correct operation of security functions: upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days.
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar... (Rule, Medium Severity)
The VMM must generate audit records when successful/unsuccessful attempts to access security levels occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
The VMM must generate audit records when successful/unsuccessful attempts to modify privileges occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
The VMM must generate audit records when successful/unsuccessful logon attempts occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
The VMM must generate audit records for all account creations, modifications, disabling, and termination events.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
The VMM must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The VMM must implement cryptographic modules adhering to the higher standards approved... (Rule, Medium Severity)
The VMM must protect the confidentiality and integrity of communications with wireless peripherals.
Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or u... (Rule, Medium Severity)
The VMM must, for password-based authentication, require immediate selection of a new password upon account recovery.
Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass... (Rule, Medium Severity)
The VMM must monitor the use of maintenance tools that execute with increased privilege.
Maintenance tools that execute with increased system privilege can result in unauthorized access to organizational information and assets that would otherwise be inaccessible. (Rule, Medium Severity)
The VMM must synchronize system clocks within and between systems or system components.
Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day... (Rule, Medium Severity)