Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000001-DB-000031

    <GroupDescription></GroupDescription>
    Group
  • For interactive sessions, IDMS must limit the number of concurrent sessions for the same user to one or allow unlimited sessions.

    &lt;VulnDiscussion&gt;Multiple interactive sessions can provide a way to cause a DoS attack against IDMS if a user ID and password were compromised...
    Rule Medium Severity
  • SRG-APP-000023-DB-000001

    <GroupDescription></GroupDescription>
    Group
  • IDMS must support the implementation of an external security manager (ESM) to handle account management and user accesses, etc.

    &lt;VulnDiscussion&gt;Internal security in a DBMS can be complex to implement and maintain with the increased possibility of no access or the wrong...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • IDMS must allow only authorized users to sign on to an IDMS CV.

    &lt;VulnDiscussion&gt;Unauthorized users signing on to IDMS can pose varying amounts of risk depending upon the security of the IDMS resources in a...
    Rule High Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • IDMS must enforce applicable access control policies, even after a user successfully signs on to CV.

    &lt;VulnDiscussion&gt;Unless the DBMS is secured properly, there are innumerable ways that a system and its data can be compromised. The IDMS SRTT ...
    Rule High Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • All installation-delivered IDMS USER-level tasks must be properly secured.

    &lt;VulnDiscussion&gt;User-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various reso...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • All installation-delivered IDMS DEVELOPER-level tasks must be properly secured.

    &lt;VulnDiscussion&gt;Developer-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • All installation-delivered IDMS DBADMIN-level tasks must be properly secured.

    &lt;VulnDiscussion&gt;DBA-level tasks that are not secured may allow anyone who signs on to IDMS to use them to access and manipulate various resou...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • All installation-delivered IDMS DCADMIN-level tasks must be properly secured.

    &lt;VulnDiscussion&gt;If DC Administrator-level tasks are not secured, any user logged on to IDMS may use them to access and manipulate various res...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • All installation-delivered IDMS User-level programs must be properly secured.

    &lt;VulnDiscussion&gt;If user-level programs are not secured, then unauthorized users may use them to access and manipulate various resources withi...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • All installation-delivered IDMS Developer-level Programs must be properly secured.

    &lt;VulnDiscussion&gt;Developer-level programs that are not secured may allow unauthorized users to access and manipulate various resources within ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules