Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • Confidentiality of information during transmission is controlled through the use of an approved TLS version.

    <VulnDiscussion>Transport Layer Security (TLS) encryption is a required security setting as a number of known vulnerabilities have been repor...
    Rule High Severity
  • SRG-APP-000176-DB-000068

    <GroupDescription></GroupDescription>
    Group
  • SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.

    &lt;VulnDiscussion&gt;The DoD standard for authentication is DoD-approved PKI certificates. PKI certificate-based authentication is performed by re...
    Rule High Severity
  • SRG-APP-000179-DB-000114

    <GroupDescription></GroupDescription>
    Group
  • SQL Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.

    &lt;VulnDiscussion&gt;Use of weak or not validated cryptographic algorithms undermines the purposes of utilizing encryption and digital signatures ...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules