ROSCOE configuration/parameter values are not specified properly.
An XCCDF Rule
Description
<VulnDiscussion>Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224341r520831_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The product systems programmer will verify that any configuration / parameters that are required to control the security of the product are properly configured and syntactically correct.
See the required parameters below: Example
Keyword Value
EXTSEC ACF2