II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must enforce password complexity by the number of lower-case characters used.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must enforce password complexity by the number of numeric characters used.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must enforce password complexity by the number of special characters used.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000172-AS-000120
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must encrypt passwords during transmission.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmissi...Rule High Severity -
SRG-APP-000172-AS-000121
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must utilize encryption when using LDAP for authentication.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmissi...Rule High Severity -
SRG-APP-000175-AS-000124
<GroupDescription></GroupDescription>Group -
Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor.
<VulnDiscussion>A trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of publ...Rule Medium Severity -
SRG-APP-000177-AS-000126
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must map the PKI-based authentication identity to the user account.
<VulnDiscussion>The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptogra...Rule Medium Severity -
SRG-APP-000179-AS-000129
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data.
<VulnDiscussion>Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified ...Rule Medium Severity -
SRG-APP-000179-AS-000129
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes.
<VulnDiscussion>Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified ...Rule Medium Severity -
SRG-APP-000440-AS-000167
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must employ cryptographic encryption to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.
<VulnDiscussion>Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network,...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.