II - Mission Support Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000148-NDM-000346
Group -
The Dell OS10 Switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
Authentication for administrative (privileged level) access to the device is always required. An account can be created on the device's local database for use when the authentication server is down...Rule Medium Severity -
SRG-APP-000149-NDM-000247
Group -
The Dell OS10 Switch must be configured to use DOD PKI as multifactor authentication (MFA) for interactive logins.
MFA is when two or more factors are used to confirm the identity of an individual who is requesting access to digital information resources. Valid factors include something the individual knows (e....Rule High Severity -
SRG-APP-000156-NDM-000250
Group -
The Dell OS10 Switch must implement replay-resistant authentication mechanisms for network access to privileged accounts.
A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be ...Rule Medium Severity -
SRG-APP-000164-NDM-000252
Group -
The Dell OS10 Switch must enforce a minimum 15-character password length.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to d...Rule Medium Severity -
SRG-APP-000166-NDM-000254
Group -
The Dell OS10 Switch must enforce password complexity by requiring that at least one uppercase character be used.
Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisti...Rule Medium Severity -
SRG-APP-000167-NDM-000255
Group -
The Dell OS10 Switch must enforce password complexity by requiring that at least one lowercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000168-NDM-000256
Group -
The Dell OS10 Switch must enforce password complexity by requiring that at least one numeric character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000169-NDM-000257
Group -
The Dell OS10 Switch must enforce password complexity by requiring that at least one special character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000175-NDM-000262
Group -
The Dell OS10 Switch must be configured to use DOD-approved OCSP responders or CRLs to validate certificates used for PKI-based authentication.
Once issued by a DOD certificate authority (CA), public key infrastructure (PKI) certificates are typically valid for three years or shorter within the DOD. However, there are many reasons a certif...Rule High Severity -
SRG-APP-000177-NDM-000263
Group -
The Dell OS10 Switch, for PKI-based authentication, must be configured to map validated certificates to unique user accounts.
Without mapping the PKI certificate to a unique user account, the ability to determine the identities of individuals or the status of their nonrepudiation is considerably impacted during forensic a...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.