Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The application must only store cryptographic representations of passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000172
<GroupDescription></GroupDescription>Group -
The application must transmit only cryptographically-protected passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000173
<GroupDescription></GroupDescription>Group -
The application must enforce 24 hours/1 day as the minimum password lifetime.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000174
<GroupDescription></GroupDescription>Group -
The application must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000165
<GroupDescription></GroupDescription>Group -
The application must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000397
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.