I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000090
<GroupDescription></GroupDescription>Group -
XenDesktop License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
<VulnDiscussion>Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel ma...Rule Medium Severity -
SRG-APP-000219
<GroupDescription></GroupDescription>Group -
XenDesktop License Server must protect the authenticity of communications sessions.
<VulnDiscussion>Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false in...Rule Medium Severity -
SRG-APP-000400
<GroupDescription></GroupDescription>Group -
XenDesktop License Server must prohibit the use of cached authenticators after an organization-defined time period.
<VulnDiscussion>If cached authentication information is out of date, the validity of the authentication information may be questionable.</...Rule Medium Severity -
SRG-APP-000439
<GroupDescription></GroupDescription>Group -
XenDesktop License Server must protect the confidentiality and integrity of transmitted information.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communi...Rule Medium Severity -
SRG-APP-000440
<GroupDescription></GroupDescription>Group -
XenDesktop License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).
<VulnDiscussion>Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mec...Rule High Severity -
SRG-APP-000442
<GroupDescription></GroupDescription>Group -
XenDesktop License Server must maintain the confidentiality and integrity of information during reception.
<VulnDiscussion>Information can be unintentionally or maliciously disclosed or modified during reception including, for example, during aggre...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.