Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the ...Rule Medium Severity -
SRG-OS-000078-GPOS-00046
<GroupDescription></GroupDescription>Group -
TOSS must enforce a minimum 15-character password length.
<VulnDiscussion>The shorter the password, the lower the number of possible combinations that need to be tested before the password is comprom...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must cover or disable the built-in or attached camera when not in use.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable IEEE 1394 (FireWire) Support.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable mounting of cramfs.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
A File Transfer Protocol (FTP) server package must not be installed unless mission essential on TOSS.
<VulnDiscussion>The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user pas...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must disable network management of the chrony daemon.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the asynchronous transfer mode (ATM) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the controller area network (CAN) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the stream control transmission (SCTP) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.