II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-NET-000076
Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing where (location) the connection originated.
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are g...Rule Medium Severity -
SRG-NET-000077
Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the identity of the initiator of the call.
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are g...Rule Medium Severity -
SRG-NET-000078
Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the outcome (status) of the connection.
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are g...Rule Medium Severity -
SRG-NET-000079
Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the identity of the users and identifiers associated with the session.
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are g...Rule Medium Severity -
SRG-NET-000088
Group -
The Enterprise Voice, Video, and Messaging Session Manager must alert the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of a session (call) record system failure.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process session records. Without this notification, the security personnel may be unaware of an impendi...Rule Medium Severity -
SRG-NET-000098
Group -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized read access.
Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity th...Rule Medium Severity -
SRG-NET-000099
Group -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized modification.
If session records were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of s...Rule Medium Severity -
SRG-NET-000100
Group -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized deletion.
If session records were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of s...Rule Medium Severity -
SRG-NET-000113
Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.
Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible. Session records are g...Rule Medium Severity -
SRG-NET-000131
Group -
The Enterprise Voice, Video, and Messaging Session Manager must be configured to disable nonessential capabilities.
It is detrimental for Enterprise Voice, Video, and Messaging Session Managers to provide, or enable by default, functionality exceeding requirements or mission objectives. These unnecessary capabil...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.