Skip to content
Log In

II - Mission Support Sensitive

Rules and Groups employed by this XCCDF Profile

  • NET0140

    Group
    Show

  • The connection between the Channel Service Unit/Data Service Unit (CSU/DSU) and the Local Exchange Carriers (LEC) data service jack (i.e., demarc) as well as any service provider premise equipment must be located in a secure environment.

    DOD leased lines carry an aggregate of sensitive and non-sensitive data; therefore unauthorized access must be restricted. Inadequate cable protection can lead to damage and denial of service attac...
    Rule Low Severity
    Show

  • NET-IDPS-016

    Group
    Show

  • An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor all Demilitarized Zone (DMZ) segments housing public servers.

    The initial step in IDPS deployment is determining where sensors should be placed. Because attacks originate at the enclave perimeter and within the enclave boundary an IDPS implementation at the e...
    Rule Medium Severity
    Show

  • NET-IDPS-018

    Group
    Show

  • An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor the network segment hosting web, application, and database servers.

    Attacks can originate within the enclave boundary. Hence, deploying an IDPS on the network segment hosting web, application, and database servers is imperative. The servers are critical resource an...
    Rule Medium Severity
    Show

  • NET-IDPS-019

    Group
    Show

  • An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor network segments that house network security management servers.

    The initial step in IDPS deployment is determining where sensors should be placed. Because attacks originate at the enclave perimeter and within the enclave boundary an IDPS implementation at the e...
    Rule Medium Severity
    Show

  • NET-IDPS-021

    Group
    Show

  • An Intrusion Detection and Prevention System (IDPS) must be deployed to monitor all unencrypted traffic entering and leaving the enclave.

    Per CJCSI 6510.01F, Enclosure A-5, Paragraph 8, "DOD ISs (e.g., enclaves, applications, outsourced IT-based process, and platform IT interconnections) shall be monitored to detect and react to inc...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules