II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00230
Group -
All AIX interactive users must be assigned a home directory in the passwd file and the directory must exist.
All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being put in the root directory. This could create a Denial of Service becaus...Rule Medium Severity -
SRG-OS-000105-GPOS-00052
Group -
The AIX operating system must use Multi Factor Authentication.
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. M...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The AIX operating system must be configured to authenticate using Multi Factor Authentication.
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. M...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The AIX operating system must be configured to use Multi Factor Authentication for remote connections.
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. M...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX must have the have the PowerSC Multi Factor Authentication Product configured.
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. M...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The AIX operating system must be configured to use a valid server_ca.pem file.
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. M...Rule Medium Severity -
SRG-OS-000376-GPOS-00161
Group -
The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials.
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.
Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate exfiltration of DoD ...Rule Medium Severity -
SRG-OS-000342-GPOS-00133
Group -
AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.
Taking appropriate action in case of a filled audit storage volume will minimize the possibility of losing audit records.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The AIX /etc/hosts file must be owned by root.
Unauthorized ownership of the /etc/hosts file can lead to the ability for a malicious actor to redirect traffic to servers of their choice. It is also possible to use the /etc/hosts file to block d...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.