I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server must configure the SELinux context type to allow the "aspshell".
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security bas...
Rule, Medium Severity
SRG-NET-000015-ALG-000016
Group
The IBM Aspera High-Speed Transfer Server must enable password protection of the node database.
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security bas...
Rule, Medium Severity
SRG-NET-000062-ALG-000011
Group
The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys.
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. The dynamic token encryption key is used for encrypting...
Rule, Medium Severity
SRG-NET-000063-ALG-000012
Group
The IBM Aspera High-Speed Transfer Server must have a master-key set to encrypt the dynamic token encryption key.
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security bas...
Rule, Medium Severity
SRG-NET-000053-ALG-000001
Group
The IBM Aspera High-Speed Transfer Server must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
Network element management includes the ability to control the number of users and user sessions that utilize a network element. Limiting the number of current sessions per user is helpful in limit...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text.
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security bas...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text.
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security bas...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text.
Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security bas...
Rule, Medium Severity
SRG-NET-000132-ALG-000087
Group
The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.
By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure of privileged accounts. By default, all system users can establish a FASP...
Rule, Medium Severity
SRG-NET-000132-ALG-000087
Group
The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.
By restricting the transfer users to a limited part of the server's file system, this prevents unauthorized data transfers. By default, all system users can establish a FASP connection and are only...
Rule, Medium Severity
SRG-NET-000138-ALG-000063
Group
The IBM Aspera High-Speed Transfer Server must restrict the transfer user(s) to the "aspshell".
By default, all system users can establish a FASP connection and are only restricted by file permissions. Restrict the user's file operations by assigning them to use aspshell, which permits only t...
Rule, Medium Severity
SRG-NET-000015-ALG-000016
Group
The IBM Aspera High-Speed Transfer Server must restrict users from using transfer services by default.
Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and ...
Rule, Medium Severity
SRG-NET-000015-ALG-000016
Group
The IBM Aspera High-Speed Transfer Server must restrict users read, write, and browse permissions by default.
Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and ...
Rule, Medium Severity
SRG-NET-000132-ALG-000087
Group
The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder.
By restricting the default document root for the Aspera HSTS, this allows for explicit access to be defined on a per user basis. By default, all system users can establish a FASP connection and are...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be group-owned by root to prevent unauthorized read access.
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key ...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be owned by root to prevent unauthorized read access.
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key ...
Rule, Medium Severity
SRG-NET-000512-ALG-000062
Group
The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must have a mode of 0600 or less permissive to prevent unauthorized read access.
Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key ...
Rule, Medium Severity
SRG-NET-000344-ALG-000098
Group
The IBM Aspera High-Speed Transfer Server must prohibit the use of cached authenticators after an organization-defined time period.
If the cached authenticator information is out of date, the validity of the authentication information may be questionable. This requirement applies to all ALGs that may cache user authenticators ...
Rule, Medium Severity