No profile (default benchmark)
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000395-NDM-000347
Group -
The Dell OS10 Switch must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.
If NTP is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps i...Rule Medium Severity -
SRG-APP-000400-NDM-000313
Group -
The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period.
Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be quest...Rule Medium Severity -
SRG-APP-000411-NDM-000330
Group -
The Dell OS10 Switch must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be ...Rule High Severity -
SRG-APP-000412-NDM-000331
Group -
The Dell OS10 Switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.
This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead of FTP, and HTTPS instead of HTTP. If unsecured protocols (lacking cryp...Rule High Severity -
SRG-APP-000435-NDM-000315
Group -
The Dell OS10 Switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This require...Rule Medium Severity -
SRG-APP-000457-NDM-000352
Group -
The application must install security-relevant firmware updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any con...Rule Medium Severity -
SRG-APP-000516-NDM-000334
Group -
The Dell OS10 Switch must generate log records for a locally developed list of auditable events.
Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource usage or capacity thres...Rule Medium Severity -
SRG-APP-000516-NDM-000335
Group -
The Dell OS10 Switch must enforce access restrictions associated with changes to the system components.
Changes to the hardware or software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should...Rule Medium Severity -
SRG-APP-000516-NDM-000344
Group -
The Dell OS10 Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure...Rule Medium Severity -
SRG-APP-000516-NDM-000350
Group -
The Dell OS10 Switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can used to detect weaknesses in se...Rule High Severity -
SRG-APP-000516-NDM-000351
Group -
The Dell OS10 Switch must be running an operating system release that is currently supported by Dell.
Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilities.Rule High Severity -
SRG-APP-000845-NDM-000220
Group -
The Dell OS10 Switch must not have any default manufacturer passwords when deployed.
Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords or passphrases are preferable over shorter pass...Rule Medium Severity -
SRG-APP-000516
Group -
The Dell OS10 Switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.
Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is particularly important protection against the insider threat. With ro...Rule High Severity -
SRG-APP-000920-NDM-000320
Group -
The Dell OS10 Switch must be configured to synchronize internal information system clocks using redundant authoritative time sources.
The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run mode) and increasingly inaccurate time stamps on audit events and other ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.