II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000002
Group -
Dragos must configure idle timeouts at 10 minutes.
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporar...Rule Medium Severity -
SRG-APP-000023
Group -
Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.
Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. A com...Rule Medium Severity -
SRG-APP-000068
Group -
The Dragos Platform must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system.
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...Rule Medium Severity -
SRG-APP-000070
Group -
The publicly accessible Dragos Platform application must display the Standard Mandatory DOD Notice and Consent Banner before granting access to Dragos Platform.
Display of a standardized and approved use notification before granting access to the publicly accessible application ensures privacy and security notification verbiage used is consistent with appl...Rule Medium Severity -
SRG-APP-000080
Group -
The Dragos Platform must only allow local administrative and service user accounts.
Only two default accounts facilitate the initial setup and configuration of the Platform. These accounts provide immediate access to the system, allowing administrators to quickly get the system up...Rule Medium Severity -
SRG-APP-000108
Group -
The Dragos Platform must have notification and audit services installed.
Installing the Knowledge Pack(s) is essential for the Dragos Platform to provide comprehensive security monitoring, compliance, and operational visibility within industrial environments. It enhance...Rule Medium Severity -
SRG-APP-000125
Group -
The Dragos Platform must be configured to send backup audit records.
Configuring the Dragos Platform to send out backup audit records is a critical best practice for ensuring the security, integrity, and availability of audit data. It supports disaster recovery, reg...Rule Medium Severity -
SRG-APP-000126
Group -
The Dragos Platform must have disk encryption enabled on a virtual machines (VMs).
Enabling disk encryption on VMs running the Dragos Platform is a critical security measure to protect sensitive data, ensure compliance with regulations, and provide a robust defense against variou...Rule Medium Severity -
SRG-APP-000133
Group -
Dragos Platforms must limit privileges and not allow the ability to run shell.
If Dragos Platform were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a ...Rule High Severity -
SRG-APP-000156
Group -
Dragos must allow only the individuals appointed by the information system security manager (ISSM) to have full admin rights to the system.
Without restricting which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrad...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.