I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
Publish data spill procedures for mobile devices
<GroupDescription></GroupDescription>Group -
Publish data spill procedures for mobile devices
<VulnDiscussion>When a data spill occurs on a mobile device, classified or sensitive data must be protected to prevent disclosure. After a da...Rule Medium Severity -
Site must follow required data spill procedures
<GroupDescription></GroupDescription>Group -
If a data spill (Classified Message Incident (CMI)) occurs on a mobile device, the site must follow required data spill procedures.
<VulnDiscussion>If required procedures are not followed after a data spill, classified data could be exposed to unauthorized personnel.</V...Rule High Severity -
Follow lost/stolen mobile device procedures
<GroupDescription></GroupDescription>Group -
The site Incident Response Plan or other procedure must include procedures to follow when a mobile operating system (OS) based mobile device is reported lost or stolen.
<VulnDiscussion>Sensitive DoD data could be stored in memory on a DoD operated mobile operating system (OS) based mobile device and the data...Rule Low Severity -
Follow lost/stolen mobile device procedures
<GroupDescription></GroupDescription>Group -
Required actions must be followed at the site when a mobile device has been lost or stolen.
<VulnDiscussion>If procedures for lost or stolen mobile devices are not followed, it is more likely that an adversary could obtain the devic...Rule Low Severity -
MDM server administrator training
<GroupDescription></GroupDescription>Group -
The mobile device management (MDM) server administrator must receive required training.
<VulnDiscussion>The security posture of the MDM server could be compromised if the administrator is not trained to follow required procedures...Rule Low Severity -
MDM server administrator training renewed annually
<GroupDescription></GroupDescription>Group -
MDM server administrator training must be renewed annually.
<VulnDiscussion>The MDM server administrator must renew required training annually.</VulnDiscussion><FalsePositives></FalsePos...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.