Skip to content
ATO Pathways
  Log In

No profile (default benchmark)

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
    Show

  • The ISSO must ensure an account management process is implemented, verifying only authorized users can gain access to the application, and individual accounts designated as inactive, suspended, or terminated are promptly removed.

    &lt;VulnDiscussion&gt;A comprehensive account management process will ensure that only authorized users can gain access to applications and that in...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
    Show

  • Application web servers must be on a separate network segment from the application and database servers if it is a tiered application operating in the DoD DMZ.

    &lt;VulnDiscussion&gt;A tiered application usually consists of 3 tiers, the web layer (presentation tier), the application layer (application logic...
    Rule High Severity
    Show

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
    Show

  • The ISSO must ensure application audit trails are retained for at least 1 year for applications without SAMI data, and 5 years for applications including SAMI data.

    &lt;VulnDiscussion&gt;Log files are a requirement to trace intruder activity or to audit user activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
    Show

  • The ISSO must review audit trails periodically based on system documentation recommendations or immediately upon system security events.

    &lt;VulnDiscussion&gt;Without access control the data is not secure. It can be compromised, misused, or changed by unauthorized access at any time....
    Rule Medium Severity
    Show

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
    Show

  • The ISSO must report all suspected violations of IA policies in accordance with DoD information system IA procedures.

    &lt;VulnDiscussion&gt;Violations of IA policies must be reviewed and reported. If there are no policies regarding the reporting of IA violations, I...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules