Skip to content
Log In

Microsoft SCOM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000516-NDM-000351

    Group
    Show

  • The Microsoft SCOM server must be running Windows operating system that supports modern security features such as virtualization based security.

    Network devices running older but supported operating systems lack modern security features that mitigate attack surfaces. Attackers face a higher level of complexity to overcome during a compromis...
    Rule High Severity
    Show

  • SRG-APP-000516-NDM-000340

    Group
    Show

  • SCOM unsealed management packs must be backed up regularly.

    SCOM's configuration information is stored within unsealed management packs. Even without SQL backups, a catastrophic failure to SCOM can be recovered from quickly if the unsealed management packs ...
    Rule Low Severity
    Show

  • SRG-APP-000516-NDM-000344

    Group
    Show

  • If a certificate is used for the SCOM web console, this certificate must be generated by a DoD CA or CA approved by the organization.

    Web certificates should always be signed by a trusted signer and never self-signed.
    Rule Low Severity
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • The Microsoft SCOM SNMP Monitoring in SCOM must use SNMP V3.

    SNMP Versions 1 and 2 do not use a FIPS-validated Keyed-Hash message Authentication Code (HMAC). SCOM has the capability of monitoring all versions of SNMP. As such, SNMP 1 and 2 monitoring should ...
    Rule Low Severity
    Show

  • SRG-APP-000080-NDM-000345

    Group
    Show

  • The Microsoft SCOM server must use an active directory group that contains authorized members of the SCOM Administrators Role Group.

    During the initial installation, SCOM grants the Builtin\Administrators group administrator rights to the application. This configuration will allow any local administrator to the SCOM server to ha...
    Rule Medium Severity
    Show

  • SRG-APP-000080-NDM-000345

    Group
    Show

  • The default Builtin\Administrators group must be removed from the SCOM Administrators Role Group.

    SCOM servers with default well-known operating system groups defined the SCOM Administrators Global Group may allow a local administrator access to privileged SCOM access.
    Rule Medium Severity
    Show

  • SRG-APP-000412-NDM-000331

    Group
    Show

  • All SCOM servers must be configured for FIPS 140-2 compliance.

    Unapproved mechanisms used for authentication to the cryptographic module are not validated and therefore cannot be relied on to provide confidentiality or integrity, and DoD data may be compromise...
    Rule High Severity
    Show

  • SRG-APP-000435-NDM-000315

    Group
    Show

  • A host-based firewall must be configured on the SCOM management servers.

    To prevent a DDoS, a firewall that inspects and drops packets must be configured.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules