I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516-AS-000237
Group -
Oracle WebLogic must enforce password complexity by the number of lower-case characters used.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Use of a complex password helps to increase the time a...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
Oracle WebLogic must enforce password complexity by the number of numeric characters used.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Use of a complex password helps to increase the time a...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
Oracle WebLogic must enforce password complexity by the number of special characters used.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Use of a complex password helps to increase the time a...Rule Medium Severity -
SRG-APP-000172-AS-000120
Group -
Oracle WebLogic must encrypt passwords during transmission.
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. Application servers have the capability to utilize either certific...Rule High Severity -
SRG-APP-000172-AS-000121
Group -
Oracle WebLogic must utilize encryption when using LDAP for authentication.
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. Application servers have the capability to utilize LDAP directorie...Rule High Severity -
SRG-APP-000175-AS-000124
Group -
Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor.
A trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of public key infrastructures, X.509 digital certificates, and DNSSEC. When t...Rule Medium Severity -
SRG-APP-000177-AS-000126
Group -
Oracle WebLogic must map the PKI-based authentication identity to the user account.
The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information. Applicatio...Rule Medium Severity -
SRG-APP-000179-AS-000129
Group -
Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data.
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and D...Rule Medium Severity -
SRG-APP-000179-AS-000129
Group -
Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes.
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and D...Rule Medium Severity -
SRG-APP-000440-AS-000167
Group -
Oracle WebLogic must employ cryptographic encryption to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.
Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network....Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.