
III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000114-GPOS-00059

    Group
  • TOSS must be configured to disable USB mass storage.

    USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163
    Rule Medium Severity
  • SRG-OS-000126-GPOS-00066

    Group
  • TOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.

    Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console por...
    Rule Medium Severity
  • SRG-OS-000134-GPOS-00068

    Group
  • TOSS must have policycoreutils package installed.

    Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...
    Rule Low Severity
  • SRG-OS-000185-GPOS-00079

    Group
  • All TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.

    TOSS systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. Selection of a ...
    Rule Medium Severity
  • SRG-OS-000259-GPOS-00100

    Group
  • TOSS must limit privileges to change software resident within software libraries.

    If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part ...
    Rule Medium Severity
  • SRG-OS-000266-GPOS-00101

    Group
  • TOSS must enforce password complexity by requiring that at least one special character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting ...
    Rule Medium Severity
  • SRG-OS-000297-GPOS-00115

    Group
  • A firewall must be installed on TOSS.

    "Firewalld" provides an easy and effective way to block/limit remote access to the system via ports, services, and protocols. Remote access services, such as those providing remote access to netwo...
    Rule Medium Severity
  • SRG-OS-000342-GPOS-00133

    Group
  • TOSS must take appropriate action when the internal event queue is full.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. TOS...
    Rule Medium Severity
  • SRG-OS-000376-GPOS-00161

    Group
  • TOSS must accept Personal Identity Verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. The DoD has mandated the use of the Common Access Card (CAC) to support identity management and ...
    Rule Medium Severity
  • SRG-OS-000393-GPOS-00173

    Group
  • TOSS must implement DoD-approved encryption in the OpenSSL package.

    Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DoD nonpublic information systems by an auth...
    Rule Medium Severity
