Traditional Security Checklist
Rules, Groups, and Values defined within the XCCDF Benchmark
-
IS-16.02.04
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information - Encryption of Data at Rest
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Exec...Rule Medium Severity -
IS-16.02.05
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information - Transmission by either Physical or Electronic Means
<VulnDiscussion>Failure to handle/transmit CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENC...Rule Medium Severity -
IS-16.02.06
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information - Posting Only on Web-Sites with Appropriate Encryption; not on Publicly Accessible Web-Sites.
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Exec...Rule Medium Severity -
IS-16.03.01
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information (CUI) - Local Policy and Procedure
<VulnDiscussion>Failure to handle CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Exec...Rule Low Severity -
IS-16.03.02
<GroupDescription></GroupDescription>Group -
Controlled Unclassified Information - Marking/Labeling Media within Unclassified Environments (Not Mixed with Classified)
<VulnDiscussion>Failure to mark CUI in an approved manner can result in the loss or compromise of sensitive information. REFERENCES: Execut...Rule Low Severity -
IS-17.03.01
<GroupDescription></GroupDescription>Group -
Classified Annual Review
<VulnDiscussion>Failure to conduct the annual review and clean out day can result in an excessive amount of classified (including IS storage ...Rule Low Severity -
PE-01.03.01
<GroupDescription></GroupDescription>Group -
Position of Trust - Knowledge of Responsibility to Self Report Derogatory Information
<VulnDiscussion>Failure to inform personnel of the expected standards of conduct while holding a position of trust and their responsibility t...Rule Low Severity -
PE-01.03.02
<GroupDescription></GroupDescription>Group -
Position of Trust - Local Policy Covering Employee Personal Standards of Conduct and Responsibilities
<VulnDiscussion>Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by t...Rule Low Severity -
PE-01.03.03
<GroupDescription></GroupDescription>Group -
Position of Trust - Training Covering Employee Standards of Conduct and Personal Responsibilities
<VulnDiscussion>Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by t...Rule Low Severity -
PE-03.02.01
<GroupDescription></GroupDescription>Group -
Validation Procedures for Security Clearance Issuance (Classified Systems and/or Physical Access Granted)
<VulnDiscussion>Failure to properly verify security clearance status could result in an unauthorized person having access to a classified inf...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.