HPE 3PAR SSMC Operating System Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000228-GPOS-00088
Group -
Any publicly accessible connection to SSMC must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.
Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with...Rule Medium Severity -
SSMC must enforce a minimum 15-character password length.
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectivene...Rule Medium Severity -
SSMC must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error messages needs to be carefully considered by t...Rule Medium Severity -
SSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...Rule Medium Severity -
SSMC must enforce the limit of three consecutive invalid logon attempts by a nonadministrative user.
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking...Rule Low Severity -
SRG-OS-000163-GPOS-00072
Group -
SRG-OS-000023-GPOS-00006
Group -
SSMC must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system.
Display of a standardized and approved use notification before granting access to SSMC ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive ...Rule Medium Severity -
SRG-OS-000125-GPOS-00065
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.