General Purpose Operating System Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000185
<GroupDescription></GroupDescription>Group -
The operating system must protect the confidentiality and integrity of all information at rest.
<VulnDiscussion>Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and...Rule Medium Severity -
SRG-OS-000191
<GroupDescription></GroupDescription>Group -
The operating system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, 30 days, and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
<VulnDiscussion>Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating syste...Rule Medium Severity -
SRG-OS-000205
<GroupDescription></GroupDescription>Group -
The operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
<VulnDiscussion> Any operating system providing too much information in error messages risks compromising the data and security of the struct...Rule Medium Severity -
SRG-OS-000206
<GroupDescription></GroupDescription>Group -
The operating system must reveal error messages only to authorized users.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000228
<GroupDescription></GroupDescription>Group -
Any publically accessible connection to the operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.
<VulnDiscussion>Display of a standardized and approved use notification before granting access to the publicly accessible operating system en...Rule Medium Severity -
SRG-OS-000239
<GroupDescription></GroupDescription>Group -
The operating system must audit all account modifications.
<VulnDiscussion>Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing ...Rule Medium Severity -
SRG-OS-000240
<GroupDescription></GroupDescription>Group -
The operating system must audit all account disabling actions.
<VulnDiscussion>When operating system accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual...Rule Medium Severity -
SRG-OS-000241
<GroupDescription></GroupDescription>Group -
The operating system must audit all account removal actions.
<VulnDiscussion>When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual ...Rule Medium Severity -
SRG-OS-000250
<GroupDescription></GroupDescription>Group -
The operating system must implement cryptography to protect the integrity of remote access sessions.
<VulnDiscussion>Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote acce...Rule High Severity -
SRG-OS-000254
<GroupDescription></GroupDescription>Group -
The operating system must initiate session audits at system start-up.
<VulnDiscussion>If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit sy...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.