DBN-6300 NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000101-NDM-000231
<GroupDescription></GroupDescription>Group -
The DBN-6300 must generate audit records containing the full-text recording of privileged commands.
<VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. Or...Rule Low Severity -
SRG-APP-000116-NDM-000234
<GroupDescription></GroupDescription>Group -
The DBN-6300 must use internal system clocks to generate time stamps for audit records.
<VulnDiscussion>In order to determine what is happening within the network infrastructure or to resolve and trace an attack, the network devi...Rule Medium Severity -
SRG-APP-000125-NDM-000241
<GroupDescription></GroupDescription>Group -
The DBN-6300 must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
<VulnDiscussion>Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to ...Rule Low Severity -
SRG-APP-000148-NDM-000346
<GroupDescription></GroupDescription>Group -
The DBN-6300 must use multifactor authentication for network access (remote and nonlocal) to privileged accounts.
<VulnDiscussion>Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) something a u...Rule Medium Severity -
SRG-APP-000151-NDM-000248
<GroupDescription></GroupDescription>Group -
The DBN-6300 must use multifactor authentication for local access to privileged accounts.
<VulnDiscussion>Multifactor authentication is defined as using two or more factors to achieve authentication. Factors include: (i) Somethin...Rule Medium Severity -
SRG-APP-000156-NDM-000250
<GroupDescription></GroupDescription>Group -
The DBN-6300 must implement replay-resistant authentication mechanisms for network access to privileged accounts.
<VulnDiscussion>A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authen...Rule Medium Severity -
SRG-APP-000164-NDM-000252
<GroupDescription></GroupDescription>Group -
The DBN-6300 must enforce a minimum 15-character password length.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000165-NDM-000253
<GroupDescription></GroupDescription>Group -
The DBN-6300 must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one upper-case character be used.
<VulnDiscussion>Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity,...Rule Medium Severity -
SRG-APP-000167-NDM-000255
<GroupDescription></GroupDescription>Group -
If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one lower-case character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-APP-000168-NDM-000256
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.