Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to enforce a 60-day maximum password lifetime restriction.

    &lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to automatically remove or disable emergency accounts after 72 hours.

    &lt;VulnDiscussion&gt;Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid ...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The application must be configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

    &lt;VulnDiscussion&gt;Predictable failure prevention requires organizational planning to address device failure issues. If components key to mainta...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are created.

    &lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestab...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are modified.

    &lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestab...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are disabled.

    &lt;VulnDiscussion&gt;When application accounts are disabled, administrator accessibility is affected. Accounts are utilized for identifying indivi...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to generate alerts that can be forwarded to the administrators and Information System Security Officer (ISSO) when accounts are removed.

    &lt;VulnDiscussion&gt;When application accounts are removed, administrator accessibility is affected. Accounts are utilized for identifying individ...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to generate an immediate alert for account-enabling actions.

    &lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestab...
    Rule Medium Severity
  • SRG-APP-000516-NDM-000317

    <GroupDescription></GroupDescription>
    Group
  • The BIG-IP appliance must be configured to transmit access authorization information using approved security safeguards to authorized information systems that enforce access control decisions.

    &lt;VulnDiscussion&gt;Protecting access authorization information (i.e., access control decisions) ensures that authorization information cannot be...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules