II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000298-GPOS-00116
Group -
NixOS must enable the built-in firewall.
Without the ability to immediately disconnect or disable remote access, an attack or other compromise taking place would not be immediately stopped. Operating system remote access functionality mu...Rule Medium Severity -
SRG-OS-000002-GPOS-00002
Group -
NixOS emergency or temporary user accounts must be provisioned with an expiration time of 72 hours or less.
If emergency or temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated term...Rule Medium Severity -
SRG-OS-000004-GPOS-00004
Group -
NixOS must enable the audit daemon.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create an acco...Rule Medium Severity -
SRG-OS-000021-GPOS-00005
Group -
NixOS must enforce the limit of three consecutive invalid login attempts by a user during a 15-minute time period.
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
Group -
NixOS must be configured to display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user login.
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
Group -
NixOS must be configured to display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via an SSH login.
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
Group -
NixOS must be configured to display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user login.
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...Rule Medium Severity -
SRG-OS-000027-GPOS-00008
Group -
NixOS must be configured to limit the number of concurrent sessions to ten for all accounts and/or account types.
Operating system management includes the ability to control the number of users and user sessions that use an operating system. Limiting the number of allowed users and sessions per user is helpful...Rule Low Severity -
SRG-OS-000029-GPOS-00010
Group -
NixOS must initiate a session lock after a 10-minute period of inactivity for graphical user login.
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporar...Rule Medium Severity -
SRG-OS-000030-GPOS-00011
Group -
NixOS must provide the capability for users to directly initiate a session lock for all connection types.
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.