Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000126-GPOS-00066
<GroupDescription></GroupDescription>Group -
TOSS must force a frequent session key renegotiation for SSH connections by the client.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group -
TOSS must force a frequent session key renegotiation for SSH connections to the server.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group -
TOSS must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating ...Rule High Severity -
SRG-OS-000069-GPOS-00037
<GroupDescription></GroupDescription>Group -
TOSS must enforce password complexity by requiring that at least one uppercase character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-OS-000070-GPOS-00038
<GroupDescription></GroupDescription>Group -
SRG-OS-000297-GPOS-00115
<GroupDescription></GroupDescription>Group -
TOSS must enforce password complexity by requiring that at least one lowercase character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-OS-000071-GPOS-00039
<GroupDescription></GroupDescription>Group -
TOSS must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-OS-000072-GPOS-00040
<GroupDescription></GroupDescription>Group -
TOSS must require the change of at least eight characters when passwords are changed.
<VulnDiscussion>If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of...Rule Medium Severity -
SRG-OS-000073-GPOS-00041
<GroupDescription></GroupDescription>Group -
TOSS must store only encrypted representations of passwords.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are...Rule Medium Severity -
SRG-OS-000074-GPOS-00042
<GroupDescription></GroupDescription>Group -
TOSS must not have the rsh-server package installed.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are...Rule Medium Severity -
SRG-OS-000075-GPOS-00043
<GroupDescription></GroupDescription>Group -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the ...Rule Medium Severity -
SRG-OS-000078-GPOS-00046
<GroupDescription></GroupDescription>Group -
TOSS must enforce a minimum 15-character password length.
<VulnDiscussion>The shorter the password, the lower the number of possible combinations that need to be tested before the password is comprom...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must cover or disable the built-in or attached camera when not in use.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable IEEE 1394 (FireWire) Support.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable mounting of cramfs.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
A File Transfer Protocol (FTP) server package must not be installed unless mission essential on TOSS.
<VulnDiscussion>The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user pas...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must disable network management of the chrony daemon.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the asynchronous transfer mode (ATM) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the controller area network (CAN) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the stream control transmission (SCTP) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the transparent inter-process communication (TIPC) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must not accept router advertisements on all IPv6 interfaces by default.
<VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this s...Rule Medium Severity -
TOSS must not have any automated bug reporting tools installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must not have the sendmail package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must not have the telnet-server package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000096-GPOS-00050
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.