North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for Red Hat Enterprise Linux CoreOS
Rules and Groups employed by this XCCDF Profile
-
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
To set the runtime status of the <code>net.ipv4.conf.default.send_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl ...Rule Medium Severity -
Uncommon Network Protocols
The system includes support for several network protocols which are not commonly used. Although security vulnerabilities in kernel networking code ...Group -
Disable ATM Support
The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual path...Rule Medium Severity -
Disable CAN Support
The Controller Area Network (CAN) is a serial communications protocol which was initially developed for automotive and is now also used in marine, ...Rule Medium Severity -
Disable IEEE 1394 (FireWire) Support
The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time communication. To configure the system to prevent the <code>firewire-co...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules