Traditional Security Checklist

Rules, Groups, and Values defined within the XCCDF Benchmark

  • IS-02.02.01

    Group
  • IS-02.03.01

    Group
  • Information Assurance - Classified Portable Electronic Devices (PEDs) Connected to the SIPRNet must be Authorized, Compliant with NSA Guidelines, and be Configured for Data at Rest (DAR) Protection

    Finding unauthorized and/or improperly configured wireless devices (PEDs) connected to and/or operating on the SIPRNet is a s...
    Rule High Severity
  • IA-11.02.01

    Group
  • CS-01.03.01

    Group
  • COMSEC Account Management - Appointment of Responsible Person

    Lack of formal designation of an individual to be responsible for COMSEC items could result in mismanagement, loss or even co...
    Rule Low Severity
  • CS-01.03.02

    Group
  • COMSEC Account Management - Program Management and Standards Compliance

    Recipients of NSA or Service COMSEC accounts are responsible to properly maintain the accounts. Procedures covering security,...
    Rule Low Severity
  • CS-02.02.01

    Group
  • COMSEC Training - COMSEC Custodian or Hand Receipt Holder

    Lack of appropriate training for managers of COMSEC accounts could result in the mismanagement of COMSEC records and inadequa...
    Rule Medium Severity
  • CS-02.02.02

    Group
  • COMSEC Training - COMSEC User

    Failure to properly brief COMSEC users could result in the loss of cryptologic devices or key, or the compromise of classifie...
    Rule Medium Severity
  • CS-03.01.01

    Group
  • Classified Transmission - Electronic Means using Cryptographic System Authorized by the Director, NSA

    Failure to properly encrypt classified data in transit can lead to the loss or compromise of classified or sensitive informat...
    Rule High Severity
  • CS-04.01.01

    Group
  • Protected Distribution System (PDS) Construction - Point of Presence (PoP) and Terminal Equipment Protection. This requirement concerns security of both the starting and ending points for PDS within proper physically protected and access controlled environments.

    A PDS that is not constructed and physically protected as required could result in the covert or undetected interception of c...
    Rule High Severity
  • CS-04.01.02

    Group
  • Protected Distribution System (PDS) Construction - Hardened Carrier

    A PDS that is not constructed and configured as required could result in the undetected interception of classified informatio...
    Rule High Severity
  • CS-04.01.03

    Group
  • Protected Distribution System (PDS) Construction - Pull Box Security

    A PDS that is not constructed and configured as required could result in the undetected interception of classified informatio...
    Rule High Severity
