Traditional Security Checklist
Rules, Groups, and Values defined within the XCCDF Benchmark

Group: IA-02.02.01
Rule: Information Assurance - COOP Plan and Testing (Not in Place for Information Technology Systems or Not Considered in the organizational Holistic Risk Assessment)
Severity: Medium
Discussion: Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A conti...

Group: IA-02.03.01
Rule: Information Assurance - COOP Plan or Testing (Incomplete)
Severity: Low
Discussion: Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A conti...

Group: IA-03.02.01
Rule: Information Assurance - System Security Incidents (Identifying, Reporting, and Handling)
Severity: Medium
Discussion: Failure to recognize, investigate and report information systems security incidents could result in the loss of confidentiali...

Group: IA-05.02.01
Rule: Information Assurance - System Access Control Records (DD Form 2875 or equivalent)
Severity: Medium
Discussion: If accurate records of authorized users are not maintained, then unauthorized personnel could have access to the system. Fail...

Group: IA-06.02.01
Rule: Information Assurance - System Training and Certification/ IA Personnel
Severity: Medium
Discussion: Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFE...

Group: IA-06.02.02
Rule: Information Assurance/Cybersecurity Training for System Users
Severity: Medium
Discussion: Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFE...

Group: IA-07.02.01
Rule: Information Assurance - Accreditation Documentation
Severity: Medium
Discussion: Failure to provide the proper documentation can lead to a system connecting without all proper safeguards in place, creating ...

Group: IA-10.02.01
Rule: Information Assurance - KVM or A/B Switch not listed on the NIAP U.S. Government Approved Protection Products Compliance List (PCL) for Peripheral Sharing Switches
Severity: Medium
Discussion: Failure to use tested and approved switch boxes can result in the loss or compromise of classified information. REFERENCES: ...

Group: IA-10.02.02
Rule: Information Assurance - KVM Switch (Port Separation) on CYBEX/Avocent 4 or 8 port
Severity: Medium
Discussion: The back plate of some 4 or 8 port CYBEX/AVOCENT KVM devices provides a physical connection between adjacent ports. Therefore...

Group: IA-10.02.03
Rule: Information Assurance - KVM Switch Use of Hot-Keys on SIPRNet Connected Devices
Severity: Medium
Discussion: Use of "Hot Keys" for switching between devices relies on use of software to separate and switch between the devices. Unless...