III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-NET-000076
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing where (location) the connection originated.
<VulnDiscussion>Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relat...Rule Medium Severity -
SRG-NET-000077
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the identity of the initiator of the call.
<VulnDiscussion>Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relat...Rule Medium Severity -
SRG-NET-000078
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the outcome (status) of the connection.
<VulnDiscussion>Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relat...Rule Medium Severity -
SRG-NET-000079
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the identity of the users and identifiers associated with the session.
<VulnDiscussion>Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relat...Rule Medium Severity -
SRG-NET-000088
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must alert the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of a session (call) record system failure.
<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process session records. Withou...Rule Medium Severity -
SRG-NET-000098
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized read access.
<VulnDiscussion>Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means...Rule Medium Severity -
SRG-NET-000099
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized modification.
<VulnDiscussion>If session records were to become compromised, then forensic analysis and discovery of the true source of potentially malicio...Rule Medium Severity -
SRG-NET-000100
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized deletion.
<VulnDiscussion>If session records were to become compromised, then forensic analysis and discovery of the true source of potentially malicio...Rule Medium Severity -
SRG-NET-000113
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.
<VulnDiscussion>Without the capability to generate session records, it is difficult to establish, correlate, and investigate the events relat...Rule Medium Severity -
SRG-NET-000131
<GroupDescription></GroupDescription>Group -
The Enterprise Voice, Video, and Messaging Session Manager must be configured to disable nonessential capabilities.
<VulnDiscussion>It is detrimental for Enterprise Voice, Video, and Messaging Session Managers to provide, or enable by default, functionality...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.