Skip to content

I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000001-WSR-000001

    <GroupDescription></GroupDescription>
    Group
  • Envoy must drop connections to disconnected clients.

    &lt;VulnDiscussion&gt;Envoy client connections that are established but no longer connected can consume resources that might otherwise be required ...
    Rule Medium Severity
  • SRG-APP-000001-WSR-000001

    <GroupDescription></GroupDescription>
    Group
  • Envoy must set a limit on established connections.

    &lt;VulnDiscussion&gt;Envoy client connections must be limited to preserve system resources and continue servicing connections without interruption...
    Rule Medium Severity
  • SRG-APP-000014-WSR-000006

    <GroupDescription></GroupDescription>
    Group
  • Envoy must be configured to operate in FIPS mode.

    &lt;VulnDiscussion&gt;Envoy ships with FIPS 140-2 validated OpenSSL cryptographic libraries and is configured by default to run in FIPS mode. This ...
    Rule Medium Severity
  • SRG-APP-000015-WSR-000014

    <GroupDescription></GroupDescription>
    Group
  • Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections.

    &lt;VulnDiscussion&gt;Envoy can be configured to support TLS 1.0, 1.1, and 1.2. Due to intrinsic problems in TLS 1.0 and TLS 1.1, they are disabled...
    Rule Medium Severity
  • SRG-APP-000176-WSR-000096

    <GroupDescription></GroupDescription>
    Group
  • The Envoy private key file must be protected from unauthorized access.

    &lt;VulnDiscussion&gt;Envoy's private key is used to prove the identity of the server to clients and securely exchange the shared secret key used t...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules