Skip to content

Application Security and Development Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The application must only store cryptographic representations of passwords.

    <VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...
    Rule High Severity
  • SRG-APP-000172

    <GroupDescription></GroupDescription>
    Group
  • The application must transmit only cryptographically-protected passwords.

    &lt;VulnDiscussion&gt;Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...
    Rule High Severity
  • SRG-APP-000173

    <GroupDescription></GroupDescription>
    Group
  • The application must enforce 24 hours/1 day as the minimum password lifetime.

    &lt;VulnDiscussion&gt;Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules