| V-203591 | | The operating system must provide automated mechanisms for supporting account management functions. | Enterprise environments make account management challenging and complex. A manual process for account management functions adds the risk of a potentia... |
| V-203592 | | The operating system must automatically remove or disable temporary user accounts after 72 hours. | If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To ... |
| V-203593 | | The operating system must audit all account creations. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-203594 | | The operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force att... |
| V-203595 | | The operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system. | Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbi... |
| V-203596 | | The operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access. | The banner must be acknowledged by the user prior to allowing the user access to the operating system. This provides assurance that the user has seen ... |
| V-203598 | | The operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures. | A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but do... |
| V-203599 | | The operating system must initiate a session lock after a 15-minute period of inactivity for all connection types. | A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information syst... |
| V-203600 | | The operating system must provide the capability for users to directly initiate a session lock for all connection types. | A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but do... |
| V-203601 | | The operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but do... |
| V-203602 | | The operating system must monitor remote access methods. | Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities... |
| V-203604 | | The operating system must produce audit records containing information to establish what type of events occurred. | Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage o... |
| V-203605 | | The operating system must produce audit records containing information to establish when (date and time) the events occurred. | Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In... |
| V-203606 | | The operating system must produce audit records containing information to establish where the events occurred. | Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. I... |
| V-203607 | | The operating system must produce audit records containing information to establish the source of the events. | Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. ... |
| V-203608 | | The operating system must produce audit records containing information to establish the outcome of the events. | Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if ch... |
| V-203609 | | The operating system must generate audit records containing the full-text recording of privileged commands. | Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organizat... |
| V-203610 | | The operating system must produce audit records containing the individual identities of group account users. | Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organizat... |
| V-203611 | | The operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notificatio... |
| V-203613 | | The operating system must provide the capability to centrally review and analyze audit records from multiple components within the system. | Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify an... |
| V-203614 | | The operating system must provide the capability to filter audit records for events of interest based upon all audit fields within audit records. | The ability to specify the event criteria that are of interest provides the individuals reviewing the logs with the ability to quickly isolate and ide... |
| V-203615 | | The operating system must use internal system clocks to generate time stamps for audit records. | Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysi... |
| V-203616 | | The operating system must protect audit information from unauthorized read access. | Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit informat... |
| V-203617 | | The operating system must protect audit information from unauthorized modification. | If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is i... |
| V-203618 | | The operating system must protect audit information from unauthorized deletion. | If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is i... |
| V-203619 | | The operating system must provide audit record generation capability for DoD-defined auditable events for all operating system components. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or... |
| V-203620 | | The operating system must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the ... |
| V-203621 | | The operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203622 | | The operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly tru... |
| V-203623 | | The operating system, for PKI-based authentication, must enforce authorized access to the corresponding private key. | If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. Th... |
| V-203624 | | The operating system must map the authenticated identity to the user or group account for PKI-based authentication. | Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will n... |
| V-203625 | | The operating system must enforce password complexity by requiring that at least one uppercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-203626 | | The operating system must enforce password complexity by requiring that at least one lowercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-203627 | | The operating system must enforce password complexity by requiring that at least one numeric character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-203628 | | The operating system must require the change of at least 50 percent of the total number of characters when passwords are changed. | If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by i... |
| V-203631 | | Operating systems must enforce 24 hours/1 day as the minimum password lifetime. | Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If u... |
| V-203632 | | Operating systems must enforce a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked; therefore, passwords need to be changed periodically. If the operating system does not... |
| V-203634 | | The operating system must enforce a minimum 15-character password length. | The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexit... |
| V-203635 | | The operating system must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system s... |
| V-203636 | | The operating system must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD syst... |
| V-203637 | | The operating system must be configured to disable non-essential capabilities. | It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessa... |
| V-203638 | | The operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types... |
| V-203639 | | The operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users). | To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and... |
| V-203640 | | The operating system must use multifactor authentication for network access to privileged accounts. | Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires u... |
| V-203641 | | The operating system must use multifactor authentication for network access to non-privileged accounts. | To assure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse ... |
| V-203642 | | The operating system must use multifactor authentication for local access to privileged accounts. | To ensure accountability and prevent unauthenticated access, privileged users must utilize multifactor authentication to prevent potential misuse and ... |
| V-203643 | | The operating system must use multifactor authentication for local access to nonprivileged accounts. | To ensure accountability, prevent unauthenticated access, and prevent misuse of the system, nonprivileged users must utilize multifactor authenticatio... |
| V-203644 | | The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | To ensure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated. A group ... |
| V-203645 | | The operating system must implement replay-resistant authentication mechanisms for network access to privileged accounts. | A replay attack may enable an unauthorized user to gain access to the operating system. Authentication sessions between the authenticator and the oper... |
| V-203646 | | The operating system must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts. | A replay attack may enable an unauthorized user to gain access to the operating system. Authentication sessions between the authenticator and the oper... |
| V-203647 | | The operating system must uniquely identify peripherals before establishing a connection. | Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are... |
| V-203648 | | The operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. | Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected ac... |
| V-203649 | | The operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. | Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide con... |
| V-203650 | | The operating system must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users). | Lack of authentication and identification enables non-organizational users to gain access to the application or possibly other information systems and... |
| V-203651 | | The operating system must provide an audit reduction capability that supports on-demand reporting requirements. | The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization'... |
| V-203652 | | The information system must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours. | Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid account activation is requir... |
| V-203655 | | The operating system must separate user functionality (including user interface services) from operating system management functionality. | Operating system management functionality includes functions necessary for administration and requires privileged user access. Allowing non-privileged... |
| V-203656 | | The operating system must isolate security functions from nonsecurity functions. | An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Sec... |
| V-203657 | | Operating systems must prevent unauthorized and unintended information transfer via shared system resources. | Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the a... |
| V-203658 | | The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. | DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or m... |
| V-203659 | | The operating system must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management se... |
| V-203660 | | The operating system must fail to a secure state if system initialization fails, shutdown fails, or aborts fail. | Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Op... |
| V-203661 | | The operating system must protect the confidentiality and integrity of all information at rest. | Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used fo... |
| V-203663 | | The operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error ... |
| V-203664 | | The operating system must reveal error messages only to authorized users. | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational st... |
| V-203665 | | Any publicly accessible connection to the operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system. | Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and securit... |
| V-203666 | | The operating system must audit all account modifications. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accom... |
| V-203667 | | The operating system must audit all account disabling actions. | When operating system accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying... |
| V-203668 | | The operating system must audit all account removal actions. | When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying ... |
| V-203670 | | The operating system must initiate session audits at system start-up. | If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state... |
| V-203671 | | The operating system must produce audit records containing information to establish the identity of any individual or process associated with the event. | Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, sec... |
| V-203672 | | The operating system must protect audit tools from unauthorized access. | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-203673 | | The operating system must protect audit tools from unauthorized modification. | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-203674 | | The operating system must protect audit tools from unauthorized deletion. | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tool... |
| V-203675 | | The operating system must limit privileges to change software resident within software libraries. | If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the a... |
| V-203676 | | The operating system must enforce password complexity by requiring that at least one special character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure o... |
| V-203677 | | In the event of a system failure, the operating system must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes. | Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure s... |
| V-203678 | | The operating system must notify system administrators and ISSOs when accounts are created. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accom... |
| V-203679 | | The operating system must notify system administrators and ISSOs when accounts are modified. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accom... |
| V-203680 | | The operating system must notify system administrators and ISSOs when accounts are disabled. | When operating system accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual operating system users o... |
| V-203681 | | The operating system must notify system administrators and ISSOs when accounts are removed. | When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual operating system users or... |
| V-203683 | | The operating system must automatically terminate a user session after inactivity time-outs have expired or at shutdown. | Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that ... |
| V-203684 | | The operating system must provide a logoff capability for user-initiated communications sessions when requiring user access authentication. | If a user cannot explicitly end an operating system session, the session may remain open and be exploited by an attacker; this is referred to as a zom... |
| V-203685 | | The operating system must display an explicit logoff message to users indicating the reliable termination of authenticated communications sessions. | If a user cannot explicitly end an operating system session, the session may remain open and be exploited by an attacker; this is referred to as a zom... |
| V-203686 | | The operating system must control remote access methods. | Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, i... |
| V-203687 | | The operating system must provide the capability to immediately disconnect or disable remote access to the operating system. | Without the ability to immediately disconnect or disable remote access, an attack or other compromise taking place would not be immediately stopped. ... |
| V-203688 | | The operating system must protect wireless access to and from the system using encryption. | Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or ... |
| V-203689 | | The operating system must protect wireless access to the system using authentication of users and/or devices. | Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. ... |
| V-203690 | | The operating system must audit all account enabling actions. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accom... |
| V-203691 | | The operating system must notify system administrators (SAs) and information system security officers (ISSOs) of account enabling actions. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomp... |
| V-203692 | | The operating system must allow operating system admins to pass information to any other operating system admin or user. | Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should ... |
| V-203693 | | The operating system must allow operating system admins to grant their privileges to other operating system admins. | Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should ... |
| V-203694 | | The operating system must allow operating system admins to change security attributes on users, the operating system, or the operating system's components. | Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should ... |
| V-203696 | | The operating system must prevent all software from executing at higher privilege levels than users executing the software. | In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileg... |
| V-203697 | | The operating system must audit the execution of privileged functions. | Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromise... |
| V-203698 | | The operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, ... |
| V-203699 | | The operating system must provide the capability for assigned IMOs/ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time. | If authorized individuals do not have the ability to modify auditing parameters in response to a changing threat environment, the organization may not... |
| V-203703 | | The operating system must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time aler... |
| V-203709 | | The operating system must not alter original content or time ordering of audit records when it provides an audit reduction capability. | If the audit reduction capability alters the content or time ordering of audit records, the integrity of the audit records is compromised, and the rec... |
| V-203710 | | The operating system must not alter original content or time ordering of audit records when it provides a report generation capability. | If the report generation capability alters the content or time ordering of audit records, the integrity of the audit records is compromised, and the r... |
| V-203711 | | The operating system must, for networked systems, compare internal information system clocks at least every 24 hours with an authoritative time source. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-203712 | | The operating system must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. | Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular ev... |
| V-203713 | | The operating system must record time stamps for audit records that meet a minimum granularity of one second for a minimum degree of precision. | Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated b... |
| V-203715 | | The operating system must enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process. | An authorized user may intentionally or accidentally move or delete audit records without those specific actions being authorized. All bulk manipulat... |
| V-203716 | | The operating system must prohibit user installation of system software without explicit privileged status. | Allowing regular users to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be inst... |
| V-203717 | | The operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner. | Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating s... |
| V-203718 | | The operating system must enforce access restrictions. | Failure to provide logical access restrictions associated with changes to system configuration may have significant effects on the overall security of... |
| V-203719 | | The operating system must audit the enforcement actions used to restrict access associated with changes to the system. | Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted a... |
| V-203721 | | The operating system must prevent program execution in accordance with local policies regarding software program usage and restrictions and/or rules authorizing the terms and conditions of software program usage. | Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that r... |
| V-203722 | | The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | Utilizing a whitelist provides a configuration management method for allowing the execution of only authorized software. Using only authorized softwar... |
| V-203723 | | The operating system must require users to reauthenticate for privilege escalation. | Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the c... |
| V-203724 | | The operating system must require users to reauthenticate when changing roles. | Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the c... |
| V-203725 | | The operating system must require users to reauthenticate when changing authenticators. | Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the c... |
| V-203727 | | The operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | Using an authentication device, such as a common access card (CAC) or token that is separate from the information system, ensures that even if the inf... |
| V-203728 | | The operating system must accept Personal Identity Verification (PIV) credentials. | The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support id... |
| V-203729 | | The operating system must electronically verify Personal Identity Verification (PIV) credentials. | The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support id... |
| V-203730 | | The operating system must authenticate peripherals before establishing a connection. | Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but ... |
| V-203731 | | The operating system must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. | Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authenticati... |
| V-203733 | | The operating system must prohibit the use of cached authenticators after one day. | If cached authentication information is out-of-date, the validity of the authentication information may be questionable.... |
| V-203734 | | The operating system, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. | Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked... |
| V-203735 | | The operating system must audit all activities performed during nonlocal maintenance and diagnostic sessions. | If events associated with nonlocal administrative access or diagnostic sessions are not logged, a major tool for assessing and investigating attacks w... |
| V-203738 | | The operating system must verify remote disconnection at the termination of nonlocal maintenance and diagnostic sessions, when used for nonlocal maintenance sessions. | If the remote connection is not closed and verified as closed, the session may remain open and be exploited by an attacker; this is referred to as a z... |
| V-203744 | | The operating system must only allow the use of DoD PKI-established certificate authorities for authentication in the establishment of protected sessions to the operating system. | Untrusted Certificate Authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DoD syst... |
| V-203747 | | The operating system must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces. | DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or m... |
| V-203750 | | The operating system must maintain the confidentiality and integrity of information during preparation for transmission. | Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for example, during aggregation, a... |
| V-203751 | | The operating system must maintain the confidentiality and integrity of information during reception. | Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, during aggregation, at protoc... |
| V-203752 | | The operating system must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. | A common vulnerability of operating systems is unpredictable behavior when invalid inputs are received. This requirement guards against adverse or unin... |
| V-203753 | | The operating system must implement non-executable data to protect its memory from unauthorized code execution. | Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Secu... |
| V-203754 | | The operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Secu... |
| V-203755 | | The operating system must remove all software components after updated versions have been installed. | Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by advers... |
| V-203756 | | The operating system must verify correct operation of all security functions. | Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is de... |
| V-203757 | | The operating system must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days. | Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is de... |
| V-203758 | | The operating system must shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered. | If anomalies are not acted upon, security functions may fail to secure the system. Security function is defined as the hardware, software, and/or fi... |
| V-203759 | | The operating system must generate audit records when successful/unsuccessful attempts to access security objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203760 | | The operating system must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203761 | | The operating system must generate audit records when successful/unsuccessful attempts to modify privileges occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203762 | | The operating system must generate audit records when successful/unsuccessful attempts to modify security objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203763 | | The operating system must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203764 | | The operating system must generate audit records when successful/unsuccessful attempts to delete privileges occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203765 | | The operating system must generate audit records when successful/unsuccessful attempts to delete security levels occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203766 | | The operating system must generate audit records when successful/unsuccessful attempts to delete security objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203767 | | The operating system must generate audit records when successful/unsuccessful logon attempts occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203768 | | The operating system must generate audit records for privileged activities or other system-level access. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203769 | | The audit system must be configured to audit the loading and unloading of dynamic kernel modules. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203770 | | The operating system must generate audit records showing starting and ending time for user access to the system. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203771 | | The operating system must generate audit records when concurrent logons to the same account occur from different sources. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203772 | | The operating system must generate audit records when successful/unsuccessful accesses to objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203773 | | The operating system must generate audit records for all direct access to the information system. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203774 | | The operating system must generate audit records for all account creations, modifications, disabling, and termination events. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203775 | | The operating system must generate audit records for all kernel module load, unload, and restart actions, and also for all program initiations. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlat... |
| V-203777 | | The operating system must, at a minimum, off-load audit data from interconnected systems in real time and off-load audit data from standalone systems weekly. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information s... |
| V-203778 | | The operating system must prevent the use of dictionary words for passwords. | If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by incre... |
| V-203779 | | The operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt. | Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.... |
| V-203780 | | The operating system must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal... |
| V-203781 | | The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. | Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.... |
| V-203783 | | The operating system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders. | Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with ... |
| V-203784 | | The operating system must enable an application firewall, if available. | Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications ... |
| V-259333 | | The operating system must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | Security flaws with operating systems are discovered daily. Vendors are constantly updating and patching their products to address newly discovered se... |
| V-263650 | | The operating system must disable accounts when the accounts are no longer associated to a user. | Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack ... |
| V-263651 | | The operating system must prohibit the use or connection of unauthorized hardware components. | Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the... |
| V-263652 | | The operating system must implement multifactor authentication for local, network, and/or remote access to privileged accounts and/or nonprivileged accounts such that the device meets organization-defined strength of mechanism requirements. | The purpose of requiring a device separate from the system to which the user is attempting to gain access for one of the factors during multifactor au... |
| V-263653 | | The operating system must, for password-based authentication, verify when users create or update passwords the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5 (1) (a). | Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords ... |
| V-263654 | | The operating system must, for password-based authentication, require immediate selection of a new password upon account recovery. | Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords ... |
| V-263655 | | The operating system must, for password-based authentication, allow user selection of long passwords and passphrases, including spaces and all printable characters. | Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords ... |
| V-263656 | | The operating system must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators. | Password-based authentication applies to passwords regardless of whether they are used in single-factor or multifactor authentication. Long passwords ... |
| V-263657 | | The operating system must accept only external credentials that are NIST-compliant. | Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing web... |
| V-263658 | | The operating system must monitor the use of maintenance tools that execute with increased privilege. | Maintenance tools that execute with increased system privilege can result in unauthorized access to organizational information and assets that would o... |
| V-263659 | | The operating system must include only approved trust anchors in trust stores or certificate stores managed by the organization. | Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the inter... |
| V-263660 | | The operating system must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store. | A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.... |
| V-263661 | | The operating system must synchronize system clocks within and between systems or system components. | Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication proc... |
| V-203597 | | The operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the numbe... |
| V-203700 | | The operating system must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | In order to ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocat... |
| V-203701 | | The operating system must offload audit records onto a different system or media from the system being audited. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information s... |
| V-203702 | | The operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capac... |
| V-203704 | | The operating system must provide an audit reduction capability that supports on-demand audit review and analysis. | The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates ... |
| V-203705 | | The operating system must provide an audit reduction capability that supports after-the-fact investigations of security incidents. | If the audit reduction capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events ... |
| V-203706 | | The operating system must provide a report generation capability that supports on-demand audit review and analysis. | The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident rep... |
| V-203707 | | The operating system must provide a report generation capability that supports on-demand reporting requirements. | The report generation capability must support on-demand reporting in order to facilitate the organization's ability to generate incident reports, as n... |
| V-203708 | | The operating system must provide a report generation capability that supports after-the-fact investigations of security incidents. | If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the event... |
| V-203714 | | The operating system must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generate... |
| V-203603 | | The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote ... |
| V-203629 | | The operating system must store only encrypted representations of passwords. | Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ... |
| V-203630 | | The operating system must transmit only encrypted representations of passwords. | Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ... |
| V-203653 | | The operating system must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions. | If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the system. The act of managing s... |
| V-203669 | | The operating system must implement cryptography to protect the integrity of remote access sessions. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access ... |
| V-203682 | | The operating system must use cryptographic mechanisms to protect the integrity of audit tools. | Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit informat... |
| V-203695 | | The operating system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary... |
| V-203720 | | The operating system must prevent the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software... |
| V-203736 | | The operating system must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions. | Privileged access contains control and configuration information and is particularly sensitive, so additional protections are necessary. This is maint... |
| V-203737 | | The operating system must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions. | Privileged access contains control and configuration information and is particularly sensitive, so additional protections are necessary. This is maint... |
| V-203739 | | The operating system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cry... |
| V-203745 | | The operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all operating system components. | Operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modif... |
| V-203746 | | The operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest on all operating system components. | Operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modif... |
| V-203748 | | The operating system must protect the confidentiality and integrity of transmitted information. | Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercep... |
| V-203749 | | The operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS). | Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to pr... |
| V-203776 | | The operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cry... |
| V-203782 | | The operating system must not allow an unattended or automatic logon to the system. | Failure to restrict system access to authenticated users negatively impacts operating system security.... |
| V-252688 | | The operating system must protect the confidentiality and integrity of communications with wireless peripherals. | Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications ca... |