Skip to content

Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000254-GPOS-00095

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must initiate session audits at system startup.

    &lt;VulnDiscussion&gt;If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit syst...
    Rule Medium Severity
  • SRG-OS-000185-GPOS-00079

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

    &lt;VulnDiscussion&gt;Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and...
    Rule Medium Severity
  • SRG-OS-000478-GPOS-00223

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

    &lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating ...
    Rule High Severity
  • SRG-OS-000343-GPOS-00134

    <GroupDescription></GroupDescription>
    Group
  • The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.

    &lt;VulnDiscussion&gt;If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for a...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules