| V-276001 | | Ax-OS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the numbe... |
| V-276002 | | Ax-OS must automatically terminate a graphical user interface (GUI) user session after 15 minutes. | An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of op... |
| V-276003 | | Ax-OS must automatically terminate a Secure Shell (SSH) user session after 15 minutes. | An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of op... |
| V-276005 | | Ax-OS must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | Strong access controls are critical to securing the application server. The application server must employ access control policies (e.g., identity-bas... |
| V-276006 | | Ax-OS must display the Standard Mandatory DOD Notice and Consent Banner before granting access to Ax-OS. | Display of a standardized and approved use notification before granting access to the publicly accessible application ensures privacy and security not... |
| V-276007 | | Ax-OS must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the Toolbox. | Display of a standardized and approved use notification before granting access to the publicly accessible application ensures privacy and security not... |
| V-276008 | | Ax-OS password manager must be disabled. | It is detrimental for applications to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary ca... |
| V-276015 | | Ax-OS must implement privileged access authorization to all information systems and infrastructure components for selected organization-defined vulnerability scanning activities. | In certain situations, the nature of the vulnerability scanning may be more intrusive, or the information system component that is the subject of the ... |
| V-276016 | | Ax-OS must compare the internal system clocks on an organization-defined frequency with an organization-defined authoritative time source. | Synchronization of internal system clocks with an authoritative source provides uniformity of time stamps for systems with multiple system clocks and ... |
| V-276004 | | Ax-OS must implement DOD-approved encryption to protect the confidentiality of remote access sessions. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote ... |
| V-276009 | | Ax-OS must use multifactor authentication for network access to the customer account. | Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires ... |
| V-276010 | | Ax-OS must use multifactor authentication for network access to the files account. | Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires ... |
| V-276011 | | Ax-OS must use multifactor authentication for network access to nonprivileged accounts. | To ensure accountability and prevent unauthenticated access, nonprivileged users must utilize multifactor authentication to prevent potential misuse a... |
| V-276012 | | Ax-OS must have no local accounts for the user interface. | To ensure accountability and prevent unauthenticated access, nonprivileged users must utilize multifactor authentication to prevent potential misuse a... |
| V-276013 | | Ax-OS must protect the authenticity of communications sessions. | Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. ... |
| V-276014 | | Ax-OS must off-load audit records onto a different system or media than the system being audited. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information s... |