Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • IA-03.02.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - System Security Incidents (Identifying, Reporting, and Handling)

    &lt;VulnDiscussion&gt;Failure to recognize, investigate and report information systems security incidents could result in the loss of confidentiali...
    Rule Medium Severity
  • IA-05.02.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - System Access Control Records (DD Form 2875 or equivalent)

    &lt;VulnDiscussion&gt;If accurate records of authorized users are not maintained, then unauthorized personnel could have access to the system. Fail...
    Rule Medium Severity
  • IA-06.02.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - System Training and Certification/ IA Personnel

    &lt;VulnDiscussion&gt;Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFE...
    Rule Medium Severity
  • IA-06.02.02

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance/Cybersecurity Training for System Users

    &lt;VulnDiscussion&gt;Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFE...
    Rule Medium Severity
  • IA-07.02.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - Accreditation Documentation

    &lt;VulnDiscussion&gt;Failure to provide the proper documentation can lead to a system connecting without all proper safeguards in place, creating ...
    Rule Medium Severity
  • IA-10.02.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - KVM or A/B Switch not listed on the NIAP U.S. Government Approved Protection Products Compliance List (PCL) for Peripheral Sharing Switches

    &lt;VulnDiscussion&gt;Failure to use tested and approved switch boxes can result in the loss or compromise of classified information. REFERENCES: ...
    Rule Medium Severity
  • IA-10.02.02

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - KVM Switch (Port Separation) on CYBEX/Avocent 4 or 8 port

    &lt;VulnDiscussion&gt;The back plate of some 4 or 8 port CYBEX/AVOCENT KVM devices provides a physical connection between adjacent ports. Therefore...
    Rule Medium Severity
  • IA-10.02.03

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - KVM Switch Use of Hot-Keys on SIPRNet Connected Devices

    &lt;VulnDiscussion&gt;Use of "Hot Keys" for switching between devices relies on use of software to separate and switch between the devices. Unless...
    Rule Medium Severity
  • IA-10.03.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - Authorizing Official (AO) and DoDIN Connection Approval Office (CAO) Approval Documentation for use of KVM and A/B switches for Sharing of Classified and Unclassified Peripheral Devices

    &lt;VulnDiscussion&gt;Failure to request approval for connection of existing or additional KVM or A/B devices (switch boxes) for use in switching b...
    Rule Low Severity
  • IA-11.01.01

    <GroupDescription></GroupDescription>
    Group
  • Information Assurance - Classified Portable Electronic Devices (PEDs) Connected to the SIPRNet must be Authorized, Compliant with NSA Guidelines, and be Configured for Data at Rest (DAR) Protection

    &lt;VulnDiscussion&gt;Finding unauthorized and/or improperly configured wireless devices (PEDs) connected to and/or operating on the SIPRNet is a s...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules