Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000096-GPOS-00050

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must disable the loading of unnecessary kernel modules.

    &lt;VulnDiscussion&gt;To support the requirements and principles of least functionality, the operating system must provide only essential capabilit...
    Rule Medium Severity
  • SRG-OS-000104-GPOS-00051

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must not have duplicate User IDs (UIDs).

    &lt;VulnDiscussion&gt;To ensure accountability and prevent unauthenticated access, organizational users must be uniquely identified and authenticat...
    Rule Medium Severity
  • SRG-OS-000118-GPOS-00060

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must disable new accounts immediately upon password expiration.

    &lt;VulnDiscussion&gt;Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potenti...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must use Transmission Control Protocol (TCP) syncookies.

    &lt;VulnDiscussion&gt;A TCP SYN flood attack can cause a denial of service by filling a system's TCP connection table with connections in the SYN_R...
    Rule Medium Severity
  • SRG-OS-000163-GPOS-00072

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must configure sshd to disconnect idle Secure Shell (SSH) sessions.

    &lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take c...
    Rule Medium Severity
  • SRG-OS-000163-GPOS-00072

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must configure sshd to disconnect idle Secure Shell (SSH) sessions.

    &lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take c...
    Rule Medium Severity
  • SRG-OS-000206-GPOS-00084

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system "/var/log" directory must be owned by root.

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-OS-000206-GPOS-00084

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system messages file must have the correct ownership and file permissions.

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-OS-000239-GPOS-00089

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must audit all account modifications.

    &lt;VulnDiscussion&gt;Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing ...
    Rule Medium Severity
  • SRG-OS-000239-GPOS-00089

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must audit all account modifications.

    &lt;VulnDiscussion&gt;Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules