III - Administrative Public
Rules and Groups employed by this XCCDF Profile
SRG-NET-000338
Group
AOS must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity on the network. In addition to the reauthentication requirements associa...
Rule Medium Severity
SRG-NET-000343
Group
The network element must authenticate all network-connected endpoint devices before establishing any connection.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. For distributed architectures (e.g., service-oriented architectures), th...
Rule Medium Severity
SRG-NET-000352
Group
AOS must use cryptographic algorithms approved by the National Security Agency (NSA) to protect national security systems (NSS) when transporting classified traffic across an unclassified network.
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. National Institute of Standards and Technology (NIST) cryptographic algorithms are approv...
Rule Medium Severity
SRG-NET-000369
Group
AOS, in conjunction with a remote device, must prevent the device from simultaneously establishing nonremote connections with the system and communicating via some other connection to resources in external networks.
Split tunneling would in effect allow unauthorized external connections, making the system more vulnerable to attack and to exfiltration of organizational information. This requirement applies to ...
Rule Medium Severity
SRG-NET-000070
Group
When AOS is used as a wireless local area network (WLAN) controller, WLAN Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) implementation must use certificate-based public key infrastructure (PKI) authentication to connect to DOD networks.
DOD certificate-based PKI authentication is strong, two-factor authentication that relies on carefully evaluated cryptographic modules. Implementations of EAP-TLS that are not integrated with certi...
Rule Medium Severity