Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The ISSO must ensure active vulnerability testing is performed.

    &lt;VulnDiscussion&gt;Use of automated scanning tools accompanied with manual testing/validation which confirms or expands on the automated test re...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Execution flow diagrams and design documents must be created to show how deadlock and recursion issues in web services are being mitigated.

    &lt;VulnDiscussion&gt;In order to understand data flows within web services, the process flow of data must be developed and documented. There are ...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The designer must ensure the application does not store configuration and control files in the same directory as user data.

    &lt;VulnDiscussion&gt;Application configuration settings and user data are required to be stored in separate locations in order to prevent applicat...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The ISSO must ensure if a DoD STIG or NSA guide is not available, a third-party product will be configured by following available guidance.

    &lt;VulnDiscussion&gt;Not all COTS products are covered by a STIG. Those products not covered by a STIG, should follow commercially accepted best p...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • New IP addresses, data services, and associated ports used by the application must be submitted to the appropriate approving authority for the organization, which in turn will be submitted through the DoD Ports, Protocols, and Services Management (DoD PPSM)

    &lt;VulnDiscussion&gt;Failure to comply with DoD Ports, Protocols, and Services (PPS) Vulnerability Analysis and associated PPS mitigations may res...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules