Skip to content

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000175-AS-000124

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor.

    &lt;VulnDiscussion&gt;A trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of publ...
    Rule Medium Severity
  • SRG-APP-000177-AS-000126

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must map the PKI-based authentication identity to the user account.

    &lt;VulnDiscussion&gt;The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptogra...
    Rule Medium Severity
  • SRG-APP-000179-AS-000129

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data.

    &lt;VulnDiscussion&gt;Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified ...
    Rule Medium Severity
  • SRG-APP-000179-AS-000129

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes.

    &lt;VulnDiscussion&gt;Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified ...
    Rule Medium Severity
  • SRG-APP-000440-AS-000167

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must employ cryptographic encryption to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.

    &lt;VulnDiscussion&gt;Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network,...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules