Skip to content

II - Mission Support Sensitive

Rules and Groups employed by this XCCDF Profile

  • Each cross-directory authentication configuration must be documented.

    <VulnDiscussion>Active Directory (AD) external, forest, and realm trust configurations are designed to extend resource access to a wider rang...
    Rule Low Severity
  • SRG-OS-000423

    <GroupDescription></GroupDescription>
    Group
  • A VPN must be used to protect directory network traffic for directory service implementation spanning enclave boundaries.

    &lt;VulnDiscussion&gt;The normal operation of AD requires the use of IP network ports and protocols to support queries, replication, user authentic...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Accounts from outside directories that are not part of the same organization or are not subject to the same security policies must be removed from all highly privileged groups.

    &lt;VulnDiscussion&gt;Membership in certain default directory groups assigns a high privilege level for access to the directory. In AD, membership ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules