Skip to content

Application Security and Development Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The application must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.

    <VulnDiscussion>Without reauthenticating devices, unidentified or unknown devices may be introduced; thereby facilitating malicious activity....
    Rule Medium Severity
  • SRG-APP-000148

    <GroupDescription></GroupDescription>
    Group
  • The application must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

    &lt;VulnDiscussion&gt;To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to pre...
    Rule High Severity
  • SRG-APP-000149

    <GroupDescription></GroupDescription>
    Group
  • The application must use multifactor (Alt. Token) authentication for network access to privileged accounts.

    &lt;VulnDiscussion&gt;Multifactor authentication requires using two or more factors to achieve authentication and access. Factors include: (i) som...
    Rule Medium Severity
  • SRG-APP-000391

    <GroupDescription></GroupDescription>
    Group
  • The application must accept Personal Identity Verification (PIV) credentials.

    &lt;VulnDiscussion&gt;The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use...
    Rule Medium Severity
  • SRG-APP-000392

    <GroupDescription></GroupDescription>
    Group
  • The application must electronically verify Personal Identity Verification (PIV) credentials.

    &lt;VulnDiscussion&gt;The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use...
    Rule Medium Severity
  • SRG-APP-000150

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules