III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server must configure the SELinux context type to allow the "aspshell".

    Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).

    Configuring the network element to implement organization-wide security implementation guides and security checklists ensures...
    Rule Medium Severity
  • SRG-NET-000015-ALG-000016

    Group
  • The IBM Aspera High-Speed Transfer Server must enable password protection of the node database.

    Configuring the network element to implement organization-wide security implementation guides and security checklists ensures...
    Rule Medium Severity
  • SRG-NET-000062-ALG-000011

    Group
  • The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys.

    Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote...
    Rule Medium Severity
  • SRG-NET-000063-ALG-000012

    Group
  • The IBM Aspera High-Speed Transfer Server must have a master-key set to encrypt the dynamic token encryption key.

    Configuring the network element to implement organization-wide security implementation guides and security checklists ensures...
    Rule Medium Severity
  • SRG-NET-000053-ALG-000001

    Group
  • The IBM Aspera High-Speed Transfer Server must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

    Network element management includes the ability to control the number of users and user sessions that utilize a network eleme...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text.

    Configuring the network element to implement organization-wide security implementation guides and security checklists ensures...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text.

    Configuring the network element to implement organization-wide security implementation guides and security checklists ensures...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text.

    Configuring the network element to implement organization-wide security implementation guides and security checklists ensures...
    Rule Medium Severity
  • SRG-NET-000132-ALG-000087

    Group
  • The IBM Aspera High-Speed Transfer Server must not use the root account for transfers.

    By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure o...
    Rule Medium Severity
  • SRG-NET-000132-ALG-000087

    Group
  • The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system.

    By restricting the transfer users to a limited part of the server's file system, this prevents unauthorized data transfers. B...
    Rule Medium Severity
  • SRG-NET-000138-ALG-000063

    Group
  • The IBM Aspera High-Speed Transfer Server must restrict the transfer user(s) to the "aspshell".

    By default, all system users can establish a FASP connection and are only restricted by file permissions. Restrict the user's...
    Rule Medium Severity
  • SRG-NET-000015-ALG-000016

    Group
  • The IBM Aspera High-Speed Transfer Server must restrict users from using transfer services by default.

    Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authoriz...
    Rule Medium Severity
  • SRG-NET-000015-ALG-000016

    Group
  • The IBM Aspera High-Speed Transfer Server must restrict users read, write, and browse permissions by default.

    Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authoriz...
    Rule Medium Severity
  • SRG-NET-000132-ALG-000087

    Group
  • The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder.

    By restricting the default document root for the Aspera HSTS, this allows for explicit access to be defined on a per user bas...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be group-owned by root to prevent unauthorized read access.

    Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Co...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be owned by root to prevent unauthorized read access.

    Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Co...
    Rule Medium Severity
  • SRG-NET-000512-ALG-000062

    Group
  • The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must have a mode of 0600 or less permissive to prevent unauthorized read access.

    Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Co...
    Rule Medium Severity
  • SRG-NET-000344-ALG-000098

    Group
  • The IBM Aspera High-Speed Transfer Server must prohibit the use of cached authenticators after an organization-defined time period.

    If the cached authenticator information is out of date, the validity of the authentication information may be questionable. ...
    Rule Medium Severity
