Traditional Security Checklist
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Monitor Screens - Disable Access by CAC or Token Removal, or Lock Computer via Ctrl/Alt/Del
<VulnDiscussion>The DoD Common Access Cards (CAC) a "smart" card, is the standard identification for active-duty military personnel, Selected...Rule High Severity -
Classified Monitors/Displays (Procedures for Obscuration of Classified Monitors) - protection from uncleared persons or those without a need-to-know.
<VulnDiscussion>Failure to develop procedures and training for employees to cover responsibilities and methods for limiting the access of una...Rule Low Severity -
IS-09.02.01
<GroupDescription></GroupDescription>Group -
End-of-Day Checks - Organizations that process or store classified information must establish a system of security checks at the close of each duty and/or business day to ensure that any area where classified information is used or stored is secure. SF 701, Activity Security Checklist, shall be used to record such checks.
<VulnDiscussion>Failure to have written guidance to provide guidance for end-of-day (EOD) checks could lead to such checks not being properl...Rule Medium Severity -
IS-10.01.01
<GroupDescription></GroupDescription>Group -
Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.
<VulnDiscussion>Classified Multi-Functional Devices (MFD) include printers, copiers, scanners and facsimile capabilities and contain hard dri...Rule High Severity -
IS-10.02.01
<GroupDescription></GroupDescription>Group -
Classified Reproduction - Following guidance for System to Media Transfer of Data from systems connected specifically to the SIPRNet In-Accordance-With (IAW) US CYBERCOM CTO 10-133A.
<VulnDiscussion>Failure to follow guidance for disabling removable media drives on devices connected to the SIPRNet or, if approved by the lo...Rule Medium Severity -
IS-10.03.01
<GroupDescription></GroupDescription>Group -
Classified Reproduction - Written Procedures for SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage. NOTE: This vulnerability concerns only PROCEDURES for the reproduction (printing, copying, scanning, faxing) of classified documents on Multi-Functional Devices (MFD) connected to the DoDIN.
<VulnDiscussion>Lack of or improper reproduction procedures for classified material could result in the loss or compromise of classified info...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.