II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000115
<GroupDescription></GroupDescription>Group -
The application must provide the capability to filter audit records for events of interest based upon organization-defined criteria.
<VulnDiscussion>The ability to specify the event criteria that are of interest provides the persons reviewing the logs with the ability to qu...Rule Medium Severity -
SRG-APP-000181
<GroupDescription></GroupDescription>Group -
The application must provide an audit reduction capability that supports on-demand reporting requirements.
<VulnDiscussion>The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly faci...Rule Medium Severity -
SRG-APP-000364
<GroupDescription></GroupDescription>Group -
The application must provide an audit reduction capability that supports on-demand audit review and analysis.
<VulnDiscussion>The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduct...Rule Medium Severity -
SRG-APP-000365
<GroupDescription></GroupDescription>Group -
The application must provide an audit reduction capability that supports after-the-fact investigations of security incidents.
<VulnDiscussion>If the audit reduction capability does not support after-the-fact investigations, it is difficult to establish, correlate, an...Rule Medium Severity -
SRG-APP-000366
<GroupDescription></GroupDescription>Group -
The application must provide a report generation capability that supports on-demand audit review and analysis.
<VulnDiscussion>The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability...Rule Medium Severity -
SRG-APP-000367
<GroupDescription></GroupDescription>Group -
The application must provide a report generation capability that supports on-demand reporting requirements.
<VulnDiscussion>The report generation capability must support on-demand reporting in order to facilitate the organization's ability to genera...Rule Medium Severity -
SRG-APP-000368
<GroupDescription></GroupDescription>Group -
The application must provide a report generation capability that supports after-the-fact investigations of security incidents.
<VulnDiscussion>If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, ...Rule Medium Severity -
SRG-APP-000369
<GroupDescription></GroupDescription>Group -
The application must provide an audit reduction capability that does not alter original content or time ordering of audit records.
<VulnDiscussion>If the audit reduction capability alters the content or time ordering of audit records, the integrity of the audit records is...Rule Medium Severity -
SRG-APP-000370
<GroupDescription></GroupDescription>Group -
The application must provide a report generation capability that does not alter original content or time ordering of audit records.
<VulnDiscussion>If the audit report generation capability alters the original content or time ordering of audit records, the integrity of the...Rule Medium Severity -
SRG-APP-000116
<GroupDescription></GroupDescription>Group -
The applications must use internal system clocks to generate time stamps for audit records.
<VulnDiscussion>Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for t...Rule Medium Severity -
SRG-APP-000374
<GroupDescription></GroupDescription>Group -
The application must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
<VulnDiscussion>If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analys...Rule Medium Severity -
SRG-APP-000375
<GroupDescription></GroupDescription>Group -
The application must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
<VulnDiscussion>Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records....Rule Medium Severity -
SRG-APP-000118
<GroupDescription></GroupDescription>Group -
The application must protect audit information from any type of unauthorized read access.
<VulnDiscussion>If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially ma...Rule Medium Severity -
SRG-APP-000119
<GroupDescription></GroupDescription>Group -
The application must protect audit information from unauthorized modification.
<VulnDiscussion>If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious sy...Rule Medium Severity -
SRG-APP-000120
<GroupDescription></GroupDescription>Group -
The application must protect audit information from unauthorized deletion.
<VulnDiscussion>If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious sy...Rule Medium Severity -
SRG-APP-000121
<GroupDescription></GroupDescription>Group -
The application must protect audit tools from unauthorized access.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...Rule Medium Severity -
SRG-APP-000122
<GroupDescription></GroupDescription>Group -
The application must protect audit tools from unauthorized modification.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...Rule Medium Severity -
SRG-APP-000123
<GroupDescription></GroupDescription>Group -
The application must protect audit tools from unauthorized deletion.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, pro...Rule Medium Severity -
SRG-APP-000125
<GroupDescription></GroupDescription>Group -
The application must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
<VulnDiscussion>Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a differen...Rule Medium Severity -
SRG-APP-000126
<GroupDescription></GroupDescription>Group -
The application must use cryptographic mechanisms to protect the integrity of audit information.
<VulnDiscussion>Audit records may be tampered with; if the integrity of audit data were to become compromised, then forensic analysis and dis...Rule Medium Severity -
SRG-APP-000290
<GroupDescription></GroupDescription>Group -
Application audit tools must be cryptographically hashed.
<VulnDiscussion>Protecting the integrity of the tools used for auditing purposes is a critical step to ensuring the integrity of audit data. ...Rule Medium Severity -
SRG-APP-000290
<GroupDescription></GroupDescription>Group -
The integrity of the audit tools must be validated by checking the files for changes in the cryptographic hash value.
<VulnDiscussion>Protecting the integrity of the tools used for auditing purposes is a critical step to ensuring the integrity of audit data. ...Rule Medium Severity -
SRG-APP-000378
<GroupDescription></GroupDescription>Group -
The application must prohibit user installation of software without explicit privileged status.
<VulnDiscussion>Allowing regular users to install software without explicit privileges creates the risk that untested or potentially maliciou...Rule Medium Severity -
SRG-APP-000380
<GroupDescription></GroupDescription>Group -
The application must enforce access restrictions associated with changes to application configuration.
<VulnDiscussion>Failure to provide logical access restrictions associated with changes to application configuration may have significant effe...Rule Medium Severity -
SRG-APP-000381
<GroupDescription></GroupDescription>Group -
The application must audit who makes configuration changes to the application.
<VulnDiscussion>Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficul...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.