Skip to content
ATO Pathways
  Log In

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000375

    <GroupDescription></GroupDescription>
    Group
    Show

  • The application server must record time stamps for log records that meet a granularity of one second for a minimum degree of precision.

    &lt;VulnDiscussion&gt;To investigate an incident, the log records should be easily put into chronological order. Without sufficient granularity of...
    Rule Medium Severity
    Show

  • SRG-APP-000380

    <GroupDescription></GroupDescription>
    Group
    Show

  • The application server must enforce access restrictions associated with changes to application server configuration.

    &lt;VulnDiscussion&gt;When dealing with access restrictions pertaining to change control, it should be noted that any changes to the software, and/...
    Rule Medium Severity
    Show

  • SRG-APP-000381

    <GroupDescription></GroupDescription>
    Group
    Show

  • The application server must log the enforcement actions used to restrict access associated with changes to the application server.

    &lt;VulnDiscussion&gt;Without logging the enforcement of access restrictions against changes to the application server configuration, it will be di...
    Rule Medium Severity
    Show

  • SRG-APP-000389

    <GroupDescription></GroupDescription>
    Group
    Show

  • The application server must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

    &lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When applica...
    Rule Medium Severity
    Show

  • SRG-APP-000391

    <GroupDescription></GroupDescription>
    Group
    Show

  • The application server must accept Personal Identity Verification (PIV) credentials to access the management interface.

    &lt;VulnDiscussion&gt;The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. PIV credentials are only...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules