Traditional Security Checklist
Rules, Groups, and Values defined within the XCCDF Benchmark
-
IS-11.01.01
<GroupDescription></GroupDescription>Group -
Destruction of Classified Documents Printed from the SIPRNet Using Approved Devices on NSA Evaluated Products Lists (EPL).
<VulnDiscussion>Failure to properly destroy classified material can lead to the loss or compromise of classified or sensitive information. R...Rule High Severity -
IS-11.01.02
<GroupDescription></GroupDescription>Group -
Classified Material Destruction - Improper Disposal of Automated Information System (AIS) Hard Drives and Storage Media
<VulnDiscussion>Failure to properly destroy classified material can lead to the loss or compromise of classified or sensitive information. R...Rule High Severity -
IS-11.02.01
<GroupDescription></GroupDescription>Group -
Classified Destruction - Hard Drive and Storage Media Sanitization Devices and Plans are not Available for disposal of Automated Information System (AIS) Equipment On-Hand
<VulnDiscussion>Failure to properly destroy classified material can lead to the loss or compromise of classified or sensitive information. R...Rule Medium Severity -
IS-11.03.01
<GroupDescription></GroupDescription>Group -
Destruction of Classified and Unclassified Documents, Equipment and Media - Availability of Local Policy and Procedures
<VulnDiscussion>Lack of plans and procedures to properly destroy classified and/or sensitive material can lead to the loss or compromise of c...Rule Low Severity -
IS-13.02.01
<GroupDescription></GroupDescription>Group -
Classified Emergency Destruction Plans - Develop and Make Available
<VulnDiscussion>Failure to develop emergency procedures can lead to the loss or compromise of classified or sensitive information during emer...Rule Medium Severity -
IS-14.02.01
<GroupDescription></GroupDescription>Group -
Security Incident/Spillage - Lack of Procedures or Training for Handling and Reporting
<VulnDiscussion>Failure to report possible security compromise can result in the impact of the loss or compromise of classified information n...Rule Medium Severity -
IS-15.02.01
<GroupDescription></GroupDescription>Group -
Classification Guides Must be Available for Programs and Systems for an Organization or Site
<VulnDiscussion>Failure to have proper classification guidance available for Information Systems and/or associated programs run on them can r...Rule Medium Severity -
IS-16.02.01
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information (CUI) - Employee Education and Training
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Exec...Rule Medium Severity -
IS-16.02.02
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information - Document, Hard Drive and Media Disposal
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Assi...Rule Medium Severity -
IS-16.02.03
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information - Handling, Storage and Controlling Access to Areas where CUI is Processed or Maintained
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Exec...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.