Traditional Security Checklist
Rules, Groups, and Values defined within the XCCDF Benchmark
-
PE-07.03.01
<GroupDescription></GroupDescription>Group -
Out-processing Procedures for Departing or Terminated Employees (Military, Government Civilian and Contractor)
<VulnDiscussion>Failure to properly out-process through the security section allows the possibility of continued (unauthorized) access to the...Rule Low Severity -
PE-08.02.01
<GroupDescription></GroupDescription>Group -
Intrusion Detection System (IDS) Monitoring Station Personnel - Suitability Checks
<VulnDiscussion>Failure to subject personnel who monitor the IDS alarms to a trustworthiness determination can result in the inadvertent or d...Rule Medium Severity -
PE-08.02.02
<GroupDescription></GroupDescription>Group -
Intrusion Detection System (IDS) Installation and Maintenance Personnel - Suitability Checks
<VulnDiscussion>Failure to subject personnel who install and maintain the IDS alarms to a trustworthiness determination can result in the ina...Rule Medium Severity -
PH-01.03.01
<GroupDescription></GroupDescription>Group -
Physical Security Program - Physical Security Plan (PSP) and/or Systems Security Plan (SSP) Development and Implementation with Consideration/Focus on Protection of Information System Assets in the Physical Environment
<VulnDiscussion>Failure to have a well-documented Physical Security/Systems Security program will result in an increased risk to DoD Informat...Rule Low Severity -
PH-02.02.01
<GroupDescription></GroupDescription>Group -
Risk Assessment -Holistic Review (site/environment/information systems)
<VulnDiscussion>Failure to conduct a risk analysis could result in not implementing an effective countermeasure to a vulnerability or wasting...Rule Medium Severity -
PH-03.02.01
<GroupDescription></GroupDescription>Group -
Physical Protection of Unclassified Key System Devices/Computer Rooms in Large Processing Facilities
<VulnDiscussion>Allowing access to systems processing sensitive information by personnel without the need-to-know could permit loss, destruct...Rule Medium Severity -
PH-04.02.01
<GroupDescription></GroupDescription>Group -
Restricted Area and Controlled Area Designation of Areas Housing Critical Information System Components or Classified /Sensitive Technology or Data
<VulnDiscussion>Failure to designate the areas housing the critical information technology systems as a restricted or controlled access area ...Rule Medium Severity -
PH-05.02.01
<GroupDescription></GroupDescription>Group -
Security-in-Depth (AKA: Defense-in-Depth) - Minimum Physical Barriers and Access Control Measures for Facilities or Buildings Containing DoDIN (SIPRNet/NIPRNet) Connected Assets.
<VulnDiscussion>Failure to use security-in-depth can result in a facility being vulnerable to an undetected intrusion or an intrusion that ca...Rule Medium Severity -
PH-06.02.01
<GroupDescription></GroupDescription>Group -
Visitor Control - To Facility or Organization with Information System Assets Connected to the DISN
<VulnDiscussion>Failure to identify and control visitors could result in unauthorized personnel gaining access to the facility with the inten...Rule Medium Severity -
PH-07.02.01
<GroupDescription></GroupDescription>Group -
Sensitive Item Control - Keys, Locks and Access Cards Controlling Access to Information Systems (IS) or IS Assets Connected to the DISN
<VulnDiscussion>Lack of an adequate key/credential/access device control could result in unauthorized personnel gaining access to the facilit...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.