III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000113

  • The operating system must implement replay-resistant authentication mechanisms for network access to non-privileged accounts.

    A replay attack may enable an unauthorized user to gain access to the operating system. Authentication sessions between the a...
    Rule Medium Severity
  • SRG-OS-000114

  • The operating system must uniquely identify peripherals before establishing a connection.

    Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Per...
    Rule Medium Severity
  • SRG-OS-000118

  • The operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

    Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potenti...
    Rule Medium Severity
  • SRG-OS-000120

  • The operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

    Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be r...
    Rule Medium Severity
  • SRG-OS-000121

  • The operating system must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).

    Lack of authentication and identification enables non-organizational users to gain access to the application or possibly othe...
    Rule Medium Severity

