IBM AIX 7.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000030-GPOS-00011
<GroupDescription></GroupDescription>Group -
AIX must be configured to allow users to directly initiate a session lock for all connection types.
<VulnDiscussion>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the ...Rule Medium Severity -
SRG-OS-000031-GPOS-00012
<GroupDescription></GroupDescription>Group -
AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
<VulnDiscussion>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the ...Rule Medium Severity -
SRG-OS-000125-GPOS-00065
<GroupDescription></GroupDescription>Group -
AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
<VulnDiscussion>If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the syst...Rule High Severity -
SRG-OS-000250-GPOS-00093
<GroupDescription></GroupDescription>Group -
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
<VulnDiscussion>If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote...Rule Medium Severity -
SRG-OS-000403-GPOS-00182
<GroupDescription></GroupDescription>Group -
AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
<VulnDiscussion>Untrusted Certificate Authorities (CA) can issue certificates, but they may be issued by organizations or individuals that se...Rule Medium Severity -
SRG-OS-000120-GPOS-00061
<GroupDescription></GroupDescription>Group -
AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
<VulnDiscussion>FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication...Rule Medium Severity -
SRG-OS-000069-GPOS-00037
<GroupDescription></GroupDescription>Group -
AIX must enforce password complexity by requiring that at least one upper-case character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule High Severity -
SRG-OS-000070-GPOS-00038
<GroupDescription></GroupDescription>Group -
AIX must enforce password complexity by requiring that at least one lower-case character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule High Severity -
SRG-OS-000071-GPOS-00039
<GroupDescription></GroupDescription>Group -
AIX must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule High Severity -
SRG-OS-000072-GPOS-00040
<GroupDescription></GroupDescription>Group -
AIX must require the change of at least 50% of the total number of characters when passwords are changed.
<VulnDiscussion>If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.