Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000431

    <GroupDescription></GroupDescription>
    Group
  • Trust must be established prior to enabling the loading of remote code in .Net 4.

    &lt;VulnDiscussion&gt;In the .NET Framework version 3.5 and earlier versions, if an application assembly loaded code/objects from a remote location...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • .NET default proxy settings must be reviewed and approved.

    &lt;VulnDiscussion&gt;The .Net framework can be configured to utilize a different proxy or altogether bypass the default proxy settings in the clie...
    Rule Low Severity
  • SRG-APP-000095

    <GroupDescription></GroupDescription>
    Group
  • Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.

    &lt;VulnDiscussion&gt;Event tracing captures information about applications utilizing the .NET CLR and the .NET CLR itself. This includes security ...
    Rule Medium Severity
  • SRG-APP-000431

    <GroupDescription></GroupDescription>
    Group
  • Software utilizing .Net 4.0 must be identified and relevant access controls configured.

    &lt;VulnDiscussion&gt;With the advent of .Net 4.0, the .Net framework no longer directly configures or enforces security policy for .Net applicatio...
    Rule Medium Severity
  • SRG-APP-000219

    <GroupDescription></GroupDescription>
    Group
  • Remoting Services TCP channels must utilize authentication and encryption.

    &lt;VulnDiscussion&gt;Note: Microsoft recommends using the Windows Communication Framework (WCF) rather than .Net remoting. New development project...
    Rule Medium Severity
  • SRG-APP-000383

    <GroupDescription></GroupDescription>
    Group
  • Disable TLS RC4 cipher in .Net

    &lt;VulnDiscussion&gt;Use of the RC4 cipher in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypte...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules