DBN-6300 NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The DBN-6300 must provide audit record generation capability for DoD-defined auditable events within the DBN-6300.
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit re...Rule Medium Severity -
The DBN-6300 must generate log records when successful attempts to access privileges occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The DBN-6300 must produce audit records containing information to establish when (date and time) the events occurred.
It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment. ...Rule Low Severity -
The DBN-6300 must produce audit log records containing information to establish the source of events.
In order to compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know the source of the event. The source may be a component, module, or proc...Rule Low Severity -
The DBN-6300 must produce audit records that contain information to establish the outcome of the event.
Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the security state of the sy...Rule Low Severity -
The DBN-6300 must use multifactor authentication for network access (remote and nonlocal) to privileged accounts.
Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g., password/PIN); (ii) something a user has (e.g., crypto...Rule Medium Severity -
If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one upper-case character be used.
Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...Rule Medium Severity -
The DBN-6300 must enforce a 60-day maximum password lifetime restriction.
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals. One method of minimizing this risk is to use complex passwords and p...Rule Medium Severity -
The DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...Rule High Severity -
The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
Automatic session termination addresses the termination of administrator-initiated logical sessions in contrast to the termination of network connections that are associated with communications ses...Rule Medium Severity -
The DBN-6300 must synchronize its internal system clock to the NTP server when the time difference is greater than one second.
Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...Rule Medium Severity -
Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instead of HTTP. If unsecured protocols (lacking cryp...Rule Medium Severity -
The DBN-6300 must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The DBN-6300 must generate audit records for privileged activities or other system-level access.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The DBN-6300 must generate audit records showing starting and ending time for administrator access to the system.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
The DBN-6300 must off-load audit records onto a different system or media than the system being audited.
Off-loading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is comp...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.