Skip to content

II - Mission Support Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed.

    &lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as...
    Rule High Severity
  • SRG-OS-000378-GPOS-00163

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.

    &lt;VulnDiscussion&gt;Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. ...
    Rule Medium Severity
  • SRG-OS-000481-GPOS-00481

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must disable all wireless network adapters.

    &lt;VulnDiscussion&gt;Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unpr...
    Rule Medium Severity
  • SRG-OS-000109-GPOS-00056

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must prevent direct login into the root account.

    &lt;VulnDiscussion&gt;To ensure individual accountability and prevent unauthorized access, organizational users must be individually identified and...
    Rule Medium Severity
  • SRG-OS-000104-GPOS-00051

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must uniquely identify interactive users.

    &lt;VulnDiscussion&gt;To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to pre...
    Rule Medium Severity
  • SRG-OS-000075-GPOS-00043

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction.

    &lt;VulnDiscussion&gt;Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enfo...
    Rule Medium Severity
  • SRG-OS-000076-GPOS-00044

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

    &lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the ...
    Rule Medium Severity
  • SRG-OS-000118-GPOS-00060

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

    &lt;VulnDiscussion&gt;Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potenti...
    Rule Medium Severity
  • SRG-OS-000002-GPOS-00002

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must automatically expire temporary accounts within 72 hours.

    &lt;VulnDiscussion&gt;Temporary accounts are privileged or nonprivileged accounts established during pressing circumstances, such as new software o...
    Rule Medium Severity
  • SRG-OS-000021-GPOS-00005

    <GroupDescription></GroupDescription>
    Group
  • Ubuntu 22.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made.

    &lt;VulnDiscussion&gt;By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules