DBN-6300 NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-APP-000169-NDM-000257
<GroupDescription></GroupDescription>Group -
If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one special character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-APP-000173-NDM-000260
<GroupDescription></GroupDescription>Group -
The DBN-6300 must enforce 24 hours/1 day as the minimum password lifetime.
<VulnDiscussion>Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforce...Rule Medium Severity -
SRG-APP-000174-NDM-000261
<GroupDescription></GroupDescription>Group -
The DBN-6300 must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals...Rule Medium Severity -
SRG-APP-000190-NDM-000267
<GroupDescription></GroupDescription>Group -
The DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
<VulnDiscussion>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take c...Rule High Severity -
SRG-APP-000267-NDM-000273
<GroupDescription></GroupDescription>Group -
The DBN-6300 must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-APP-000268-NDM-000274
<GroupDescription></GroupDescription>Group -
The DBN-6300 must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.
<VulnDiscussion>Predictable failure prevention requires organizational planning to address device failure issues. If components key to mainta...Rule Medium Severity -
SRG-APP-000295-NDM-000279
<GroupDescription></GroupDescription>Group -
The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
<VulnDiscussion>Automatic session termination addresses the termination of administrator-initiated logical sessions in contrast to the termin...Rule Medium Severity -
SRG-APP-000319-NDM-000283
<GroupDescription></GroupDescription>Group -
The DBN-6300 must automatically audit account enabling actions.
<VulnDiscussion>Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestab...Rule Medium Severity -
SRG-APP-000343-NDM-000289
<GroupDescription></GroupDescription>Group -
The DBN-6300 must audit the execution of privileged functions.
<VulnDiscussion>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external enti...Rule Medium Severity -
SRG-APP-000353-NDM-000292
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.