Skip to content

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000185

    <GroupDescription></GroupDescription>
    Group
  • The operating system must protect the confidentiality and integrity of all information at rest.

    &lt;VulnDiscussion&gt;Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and...
    Rule Medium Severity
  • SRG-OS-000191

    <GroupDescription></GroupDescription>
    Group
  • The operating system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, 30 days, and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

    &lt;VulnDiscussion&gt;Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating syste...
    Rule Medium Severity
  • SRG-OS-000205

    <GroupDescription></GroupDescription>
    Group
  • The operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

    &lt;VulnDiscussion&gt; Any operating system providing too much information in error messages risks compromising the data and security of the struct...
    Rule Medium Severity
  • SRG-OS-000206

    <GroupDescription></GroupDescription>
    Group
  • The operating system must reveal error messages only to authorized users.

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-OS-000228

    <GroupDescription></GroupDescription>
    Group
  • Any publically accessible connection to the operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.

    &lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the publicly accessible operating system en...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules