I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The application must be registered with the DoD Ports and Protocols Database.
<VulnDiscussion>Failure to register the applications usage of ports, protocols, and services with the DoD PPS Database may result in a Denial...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The Configuration Management (CM) repository must be properly patched and STIG compliant.
<VulnDiscussion>A Configuration Management (CM) repository is used to manage application code versions and to securely store application code...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Access privileges to the Configuration Management (CM) repository must be reviewed every three months.
<VulnDiscussion>A Configuration Management (CM) repository is used to manage application code versions and to securely store application code...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
A Software Configuration Management (SCM) plan describing the configuration control and change management process of application objects developed by the organization and the roles and responsibilities of the organization must be created and maintained.
<VulnDiscussion>Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the co...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
A Configuration Control Board (CCB) that meets at least every release cycle, for managing the Configuration Management (CM) process must be established.
<VulnDiscussion>Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the co...Rule Medium Severity -
SRG-APP-000387
<GroupDescription></GroupDescription>Group -
The application services and interfaces must be compatible with and ready for IPv6 networks.
<VulnDiscussion>If the application has not been upgraded to execute on an IPv6-only network, there is a possibility the application will not ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The application must not be hosted on a general purpose machine if the application is designated as critical or high availability by the ISSO.
<VulnDiscussion>Critical applications should not be hosted on a multi-purpose server with other applications. Applications that share resourc...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
A disaster recovery/continuity plan must exist in accordance with DoD policy based on the applications availability requirements.
<VulnDiscussion>All applications must document disaster recovery/continuity procedures to include business recovery plans, system contingenc...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Recovery procedures and technical system features must exist so recovery is performed in a secure and verifiable manner. The ISSO will document circumstances inhibiting a trusted recovery.
<VulnDiscussion>Without a disaster recovery plan, the application is susceptible to interruption in service due to damage within the processi...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Data backup must be performed at required intervals in accordance with DoD policy.
<VulnDiscussion>Without proper backups, the application is not protected from the loss of data or the operating environment in the event of h...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.