Skip to content

I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • Envoy must be configured to operate in FIPS mode.

    <VulnDiscussion>Envoy ships with FIPS 140-2 validated OpenSSL cryptographic libraries and is configured by default to run in FIPS mode. This ...
    Rule Medium Severity
  • SRG-APP-000015-WSR-000014

    <GroupDescription></GroupDescription>
    Group
  • Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections.

    &lt;VulnDiscussion&gt;Envoy can be configured to support TLS 1.0, 1.1, and 1.2. Due to intrinsic problems in TLS 1.0 and TLS 1.1, they are disabled...
    Rule Medium Severity
  • SRG-APP-000176-WSR-000096

    <GroupDescription></GroupDescription>
    Group
  • The Envoy private key file must be protected from unauthorized access.

    &lt;VulnDiscussion&gt;Envoy's private key is used to prove the identity of the server to clients and securely exchange the shared secret key used t...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules