I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000177
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to map the authenticated identity to the user account for PKI-based authentication.
<VulnDiscussion>Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the indivi...Rule Medium Severity -
SRG-APP-000231
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to protect the confidentiality and integrity of all information at rest.
<VulnDiscussion>Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and...Rule High Severity -
SRG-APP-000234
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to prevent automatically removing emergency accounts.
<VulnDiscussion>Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid ...Rule Medium Severity -
SRG-APP-000234
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to prevent automatically disabling emergency accounts.
<VulnDiscussion>Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid ...Rule Low Severity -
SRG-APP-000291
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to notify the system administrators (SAs) and information system security officer (ISSO) when accounts are created.
<VulnDiscussion>Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establ...Rule Medium Severity -
SRG-APP-000292
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to notify the system administrators (SAs) and information system security officer (ISSO) when accounts are modified.
<VulnDiscussion>When application accounts are modified, user accessibility is affected. Accounts are utilized for identifying individual user...Rule Medium Severity -
SRG-APP-000293
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to notify the system administrators (SAs) and information system security officer (ISSO) for account disabling actions.
<VulnDiscussion>When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual user...Rule Medium Severity -
SRG-APP-000294
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to notify the system administrators (SAs) and information system security officer (ISSO) for account removal actions.
<VulnDiscussion>When application accounts are removed, user accessibility is affected. Accounts are utilized for identifying users or for ide...Rule Medium Severity -
SRG-APP-000319
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to automatically audit account enabling actions.
<VulnDiscussion>Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of reestabli...Rule Medium Severity -
SRG-APP-000320
<GroupDescription></GroupDescription>Group -
AAA Services must be configured to notify system administrators (SAs) and information system security officer (ISSO) of account enabling actions.
<VulnDiscussion>Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of reestabli...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.