I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
IA-11.02.01
<GroupDescription></GroupDescription>Group -
Information Assurance - Unauthorized Wireless Devices - Portable Electronic Devices (PEDs) Used in Classified Processing Areas without Certified TEMPEST Technical Authority (CTTA) Review and Authorizing Official (AO) Approval.
<VulnDiscussion>Allowing wireless devices in the vicinity of classified processing or discussion could directly result in the loss or comprom...Rule Medium Severity -
IA-11.03.01
<GroupDescription></GroupDescription>Group -
Information Assurance - Unauthorized Wireless Devices - No Formal Policy and/or Warning Signs
<VulnDiscussion>Not having a wireless policy and/or warning signs at entrances could result in the unauthorized introduction of wireless devi...Rule Low Severity -
IA-12.01.01
<GroupDescription></GroupDescription>Group -
Information Assurance - Network Connections - Physical Protection of Network Devices such as Routers, Switches and Hubs (Connected to SIPRNet or Other Classified Networks or Systems Being Inspected)
<VulnDiscussion>SIPRNet or other classified network connections that are not properly protected in their physical environment are highly vuln...Rule High Severity -
IA-12.01.02
<GroupDescription></GroupDescription>Group -
Information Assurance - Network Connections - Wall Jack Security on Classified Networks (SIPRNet or other Inspected Classified Network or System) Where Port Authentication Using IEEE 802.1X IS NOT Implemented
<VulnDiscussion>Following is a summary of the primary requirement to use the IEEE 802.1X authentication protocol to secure SIPRNet ports (AKA...Rule High Severity -
IA-12.02.01
<GroupDescription></GroupDescription>Group -
Information Assurance - Network Connections - Physical Protection of Unclassified (NIPRNet) Network Devices such as Routers, Switches and Hubs
<VulnDiscussion>Unclassified (NIPRNet) network connections that are not properly protected in their physical environment are highly vulnerabl...Rule Medium Severity -
ID-01.02.01
<GroupDescription></GroupDescription>Group -
Industrial Security - DD Form 254
<VulnDiscussion>Failure to complete a DD Form 254 (Contract Security Classification Specification) or to specify security clearance and/or IT...Rule Medium Severity -
ID-02.03.01
<GroupDescription></GroupDescription>Group -
Industrial Security - Contractor Visit Authorization Letters (VALs)
<VulnDiscussion>Failure to require Visit Authorization Letters (VALs) for contractor visits could result in sensitive or classified materials...Rule Low Severity -
ID-03.02.01
<GroupDescription></GroupDescription>Group -
Industrial Security - Contract Guard Vetting
<VulnDiscussion>Failure to screen guards could result in employment of unsuitable personnel who are responsible for the safety and security o...Rule Medium Severity -
IS-01.02.01
<GroupDescription></GroupDescription>Group -
Information Security (INFOSEC) - Safe/Vault/Secure Room Management
<VulnDiscussion>Lack of adequate or Improper procedures for management of safes/vaults and secure rooms could result in the loss or compromis...Rule Medium Severity -
IS-02.01.01
<GroupDescription></GroupDescription>Group -
Information Security (INFOSEC) - Vault/Secure Room Storage Standards - Door Combination Lock Meeting Federal Specification FF-L-2740
<VulnDiscussion>Failure to meet Physical Security storage standards could result in the undetected loss or compromise of classified material....Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.