Checked | Name | Title |
---|---|---|
☐ | SV-100115r1_rule | The SLES for vRealize must automatically remove or disable temporary user accounts after 72 hours. |
☐ | SV-100117r1_rule | The SLES for vRealize must audit all account creations. |
☐ | SV-100119r1_rule | In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications must be investigated for legitimacy. |
☐ | SV-100121r1_rule | The SLES for vRealize must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. |
☐ | SV-100123r1_rule | The SLES for vRealize must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH. |
☐ | SV-100125r1_rule | The SLES for vRealize must limit the number of concurrent sessions to 10 for all accounts and/or account types. |
☐ | SV-100127r1_rule | The SLES for vRealize must initiate a session lock after a 15-minute period of inactivity for all connection types. |
☐ | SV-100129r1_rule | The SLES for vRealize must initiate a session lock after a 15-minute period of inactivity for an SSH connection. |
☐ | SV-100131r1_rule | The SLES for vRealize must monitor remote access methods - SSH Daemon. |
☐ | SV-100133r1_rule | The SLES for vRealize must implement DoD-approved encryption to protect the confidentiality of remote access sessions - SSH Daemon. |
☐ | SV-100135r1_rule | The SLES for vRealize must implement DoD-approved encryption to protect the confidentiality of remote access sessions - SSH Client. |
☐ | SV-100137r1_rule | The SLES for vRealize must produce audit records. |
☐ | SV-100139r1_rule | The SLES for vRealize must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. |
☐ | SV-100141r1_rule | The SLES for vRealize must shut down by default upon audit failure (unless availability is an overriding concern). |
☐ | SV-100143r1_rule | The SLES for vRealize must protect audit information from unauthorized read access - ownership. |
☐ | SV-100145r1_rule | The SLES for vRealize must protect audit information from unauthorized read access - group-ownership. |
☐ | SV-100147r1_rule | The SLES for vRealize must protect audit information from unauthorized modification. |
☐ | SV-100149r1_rule | The SLES for vRealize must protect audit information from unauthorized deletion. |
☐ | SV-100151r1_rule | The SLES for vRealize must protect audit information from unauthorized deletion - log directories. |
☐ | SV-100153r1_rule | The SLES for vRealize audit system must be configured to audit all administrative, privileged, and security actions. |
☐ | SV-100155r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter system time through adjtimex. |
☐ | SV-100157r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter system time through settimeofday. |
☐ | SV-100159r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter system time through stime. |
☐ | SV-100161r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter system time through clock_settime. |
☐ | SV-100163r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter system time through /etc/localtime. |
☐ | SV-100165r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter the system through sethostname. |
☐ | SV-100167r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter the system through setdomainname. |
☐ | SV-100169r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter the system through sched_setparam. |
☐ | SV-100171r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter the system through sched_setscheduler. |
☐ | SV-100173r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter /var/log/faillog. |
☐ | SV-100175r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter /var/log/lastlog. |
☐ | SV-100177r1_rule | The SLES for vRealize audit system must be configured to audit all attempts to alter /var/log/tallylog. |
☐ | SV-100179r1_rule | The SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Permissions. |
☐ | SV-100181r1_rule | The SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - ownership. |
☐ | SV-100183r1_rule | The SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - group-ownership. |
☐ | SV-100185r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using chmod. |
☐ | SV-100187r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using chown. |
☐ | SV-100189r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchmod. |
☐ | SV-100191r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchmodat. |
☐ | SV-100193r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchown. |
☐ | SV-100195r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchownat. |
☐ | SV-100197r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fremovexattr. |
☐ | SV-100199r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fsetxattr. |
☐ | SV-100201r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using lchown. |
☐ | SV-100203r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using lremovexattr. |
☐ | SV-100205r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using lsetxattr. |
☐ | SV-100207r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using removexattr. |
☐ | SV-100209r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using setxattr. |
☐ | SV-100211r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all failed attempts to access files and programs. |
☐ | SV-100213r1_rule | The SLES for vRealize must enforce password complexity by requiring that at least one upper-case character be used. |
☐ | SV-100215r1_rule | Global settings defined in common-{account,auth,password,session} must be applied in the pam.d definition files. |
☐ | SV-100217r1_rule | The SLES for vRealize must enforce password complexity by requiring that at least one lower-case character be used. |
☐ | SV-100219r1_rule | The SLES for vRealize must enforce password complexity by requiring that at least one numeric character be used. |
☐ | SV-100221r1_rule | The SLES for vRealize must require the change of at least eight of the total number of characters when passwords are changed. |
☐ | SV-100223r1_rule | The SLES for vRealize must store only encrypted representations of passwords. |
☐ | SV-100225r1_rule | The SLES for vRealize must store only encrypted representations of passwords. |
☐ | SV-100227r1_rule | SLES for vRealize must enforce 24 hours/1 day as the minimum password lifetime. |
☐ | SV-100229r1_rule | Users must not be able to change passwords more than once every 24 hours. |
☐ | SV-100231r1_rule | SLES for vRealize must enforce a 60-day maximum password lifetime restriction. |
☐ | SV-100233r1_rule | User passwords must be changed at least every 60 days. |
☐ | SV-100235r1_rule | The SLES for vRealize must prohibit password reuse for a minimum of five generations. |
☐ | SV-100237r1_rule | The SLES for vRealize must prohibit password reuse for a minimum of five generations - old passwords are being stored. |
☐ | SV-100239r1_rule | The SLES for vRealize must enforce a minimum 15-character password length. |
☐ | SV-100241r1_rule | The system must require root password authentication upon booting into single-user mode. |
☐ | SV-100243r1_rule | Bootloader authentication must be enabled to prevent users without privilege from gaining access to restricted file system resources. |
☐ | SV-100245r1_rule | The system boot loader configuration file(s) must have mode 0600 or less permissive. |
☐ | SV-100247r1_rule | The system boot loader configuration files must be owned by root. |
☐ | SV-100249r1_rule | The system boot loader configuration file(s) must be group-owned by root, bin, sys, or system. |
☐ | SV-100251r1_rule | The Bluetooth protocol handler must be disabled or not installed. |
☐ | SV-100253r1_rule | The system must have USB Mass Storage disabled unless needed. |
☐ | SV-100255r1_rule | The system must have USB disabled unless needed. |
☐ | SV-100257r1_rule | The telnet-server package must not be installed. |
☐ | SV-100259r1_rule | The rsh-server package must not be installed. |
☐ | SV-100261r1_rule | The ypserv package must not be installed. |
☐ | SV-100263r1_rule | The yast2-tftp-server package must not be installed. |
☐ | SV-100265r1_rule | The tftp package must not be installed. |
☐ | SV-100267r1_rule | The Datagram Congestion Control Protocol (DCCP) must be disabled unless required. |
☐ | SV-100269r1_rule | The Stream Control Transmission Protocol (SCTP) must be disabled unless required. |
☐ | SV-100271r1_rule | The Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required. |
☐ | SV-100273r1_rule | The Transparent Inter-Process Communication (TIPC) must be disabled or not installed. |
☐ | SV-100275r1_rule | The xinetd service must be disabled if no network services using it are enabled. |
☐ | SV-100277r1_rule | The xinetd.conf file, and the xinetd.d directory must be owned by root or bin. |
☐ | SV-100279r1_rule | The inetd.conf file, xinetd.conf file, and xinetd.d directory must be group owned by root, bin, sys, or system. |
☐ | SV-100281r1_rule | The xinetd.d directory must have mode 0755 or less permissive. |
☐ | SV-100283r1_rule | Xinetd logging/tracing must be enabled. |
☐ | SV-100285r1_rule | The ypbind service must not be running if no network services utilizing it are enabled. |
☐ | SV-100287r1_rule | The system must not use UDP for NIS/NIS+. |
☐ | SV-100289r1_rule | NIS maps must be protected through hard-to-guess domain names. |
☐ | SV-100291r1_rule | Mail relaying must be restricted. |
☐ | SV-100293r1_rule | The alias files must be owned by root. |
☐ | SV-100295r1_rule | The alias files must be group-owned by root or a system group. |
☐ | SV-100297r1_rule | The alias files must have mode 0644 or less permissive. |
☐ | SV-100299r1_rule | Files executed through a mail aliases file must be owned by root and must reside within a directory owned and writable only by root. |
☐ | SV-100301r1_rule | Files executed through a mail aliases file must be group-owned by root, bin, sys, or system, and must reside within a directory group-owned by root, bin, sys, or system. |
☐ | SV-100303r1_rule | Files executed through a mail aliases file must have mode 0755 or less permissive. |
☐ | SV-100305r1_rule | Sendmail logging must not be set to less than nine in the sendmail.cf file. |
☐ | SV-100307r1_rule | The system syslog service must log informational and more severe SMTP service messages. |
☐ | SV-100309r1_rule | The SMTP service log files must be owned by root. |
☐ | SV-100311r1_rule | The SMTP service log file must have mode 0644 or less permissive. |
☐ | SV-100313r1_rule | The SMTP service HELP command must not be enabled. |
☐ | SV-100315r1_rule | The SMTP service SMTP greeting must not provide version information. |
☐ | SV-100317r1_rule | The SMTP service must not use .forward files. |
☐ | SV-100319r1_rule | The SMTP service must not have the EXPN feature active. |
☐ | SV-100321r1_rule | The SMTP service must not have the VRFY feature active. |
☐ | SV-100323r1_rule | The Lightweight User Datagram Protocol (UDP-Lite) must be disabled unless required. |
☐ | SV-100325r1_rule | The Internetwork Packet Exchange (IPX) protocol must be disabled or not installed. |
☐ | SV-100327r1_rule | The AppleTalk protocol must be disabled or not installed. |
☐ | SV-100329r1_rule | The DECnet protocol must be disabled or not installed. |
☐ | SV-100331r1_rule | Proxy Neighbor Discovery Protocol (NDP) must not be enabled on the system. |
☐ | SV-100333r1_rule | The SLES for vRealize must not have 6to4 enabled. |
☐ | SV-100335r1_rule | The SLES for vRealize must not have Teredo enabled. |
☐ | SV-100337r1_rule | The DHCP client must be disabled if not needed. |
☐ | SV-100339r1_rule | The SLES for vRealize must have IEEE 1394 (Firewire) disabled unless needed. |
☐ | SV-100341r1_rule | Duplicate User IDs (UIDs) must not exist for users within the organization. |
☐ | SV-100343r1_rule | The SLES for vRealize must prevent direct logon into the root account. |
☐ | SV-100345r1_rule | The SLES for vRealize must enforce SSHv2 for network access to privileged accounts. |
☐ | SV-100347r1_rule | The SLES for vRealize must enforce SSHv2 for network access to non-privileged accounts. |
☐ | SV-100349r1_rule | The SLES for vRealize must disable account identifiers of individuals and roles (such as root) after 35 days of inactivity after password expiration. |
☐ | SV-100351r1_rule | The SLES for vRealize must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. |
☐ | SV-100353r1_rule | The SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users). |
☐ | SV-100355r1_rule | All GIDs referenced in /etc/passwd must be defined in /etc/group. |
☐ | SV-100357r1_rule | The SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users). |
☐ | SV-100359r1_rule | The SLES for vRealize must be configured such that emergency administrator accounts are never automatically removed or disabled. |
☐ | SV-100361r1_rule | The SLES for vRealize must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions. |
☐ | SV-100363r1_rule | The SLES for vRealize must terminate all sessions and network connections related to nonlocal maintenance when nonlocal maintenance is completed. |
☐ | SV-100365r1_rule | The SLES for vRealize must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. |
☐ | SV-100367r1_rule | The SLES for vRealize must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. |
☐ | SV-100369r1_rule | The SLES for vRealize must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements. |
☐ | SV-100371r1_rule | The /var/log directory must be group-owned by root. |
☐ | SV-100373r1_rule | The /var/log directory must be owned by root. |
☐ | SV-100375r1_rule | The /var/log directory must have mode 0750 or less permissive. |
☐ | SV-100377r1_rule | The /var/log/messages file must be group-owned by root. |
☐ | SV-100379r1_rule | The /var/log/messages file must be owned by root. |
☐ | SV-100381r1_rule | The /var/log/messages file must have mode 0640 or less permissive. |
☐ | SV-100383r1_rule | The SLES for vRealize must reveal error messages only to authorized users. |
☐ | SV-100385r1_rule | The SLES for vRealize must reveal error messages only to authorized users. |
☐ | SV-100387r1_rule | The SLES for vRealize must reveal error messages only to authorized users. |
☐ | SV-100389r1_rule | Any publicly accessible connection to the SLES for vRealize must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system. |
☐ | SV-100391r1_rule | The SLES for vRealize must audit all account modifications. |
☐ | SV-100393r1_rule | The SLES for vRealize must audit all account modifications. |
☐ | SV-100395r1_rule | The SLES for vRealize must audit all account disabling actions. |
☐ | SV-100397r1_rule | The SLES for vRealize must audit all account removal actions. |
☐ | SV-100399r1_rule | The SLES for vRealize must implement cryptography to protect the integrity of remote access sessions. |
☐ | SV-100401r1_rule | The SLES for vRealize must initiate session audits at system start-up. |
☐ | SV-100403r1_rule | The SLES for vRealize must produce audit records containing information to establish the identity of any individual or process associated with the event. |
☐ | SV-100405r1_rule | The SLES for vRealize must protect audit tools from unauthorized access. |
☐ | SV-100407r1_rule | The SLES for vRealize must protect audit tools from unauthorized modification. |
☐ | SV-100409r1_rule | The SLES for vRealize must protect audit tools from unauthorized deletion. |
☐ | SV-100411r1_rule | The shared library files must have restrictive permissions. |
☐ | SV-100413r1_rule | Shared library files must have root ownership. |
☐ | SV-100415r1_rule | System executables must have restrictive permissions. |
☐ | SV-100417r1_rule | System executables must have root ownership. |
☐ | SV-100419r1_rule | The SLES for vRealize must enforce password complexity by requiring that at least one special character be used. |
☐ | SV-100421r1_rule | The SLES for vRealize must automatically terminate a user session after inactivity time-outs have expired or at shutdown. |
☐ | SV-100423r1_rule | The SLES for vRealize must control remote access methods. |
☐ | SV-100425r1_rule | The SLES for vRealize must audit all account enabling actions. |
☐ | SV-100427r1_rule | The SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are created, or enabled when previously disabled. |
☐ | SV-100429r1_rule | The SLES for vRealize must audit the execution of privileged functions. |
☐ | SV-100431r1_rule | The SLES for vRealize must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur. |
☐ | SV-100433r1_rule | The SLES for vRealize must off-load audit records onto a different system or media from the system being audited. |
☐ | SV-100435r1_rule | The SLES for vRealize must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. |
☐ | SV-100437r1_rule | The SLES for vRealize must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. |
☐ | SV-100439r1_rule | The SLES for vRealize must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS). |
☐ | SV-100441r1_rule | The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. |
☐ | SV-100443r1_rule | The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by root, bin, sys, or system. |
☐ | SV-100445r1_rule | The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. |
☐ | SV-100447r1_rule | The SLES for vRealize must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. |
☐ | SV-100449r1_rule | The SLES for vRealize must audit the enforcement actions used to restrict access associated with changes to the system. |
☐ | SV-100451r1_rule | The RPM package management tool must cryptographically verify the authenticity of all software packages during installation. |
☐ | SV-100453r1_rule | The SLES for vRealize must audit all activities performed during nonlocal maintenance and diagnostic sessions. |
☐ | SV-100455r1_rule | The SLES for vRealize must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions. |
☐ | SV-100457r1_rule | The SLES for vRealize must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions. |
☐ | SV-100459r1_rule | The SLES for vRealize must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
☐ | SV-100461r1_rule | The SLES for vRealize must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring the SLES for vRealize is implementing rate-limiting measures on impacted network interfaces. |
☐ | SV-100463r1_rule | The SLES for vRealize must protect the confidentiality and integrity of transmitted information. |
☐ | SV-100465r1_rule | The SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS). |
☐ | SV-100467r1_rule | The SLES for vRealize must implement non-executable data to protect its memory from unauthorized code execution. |
☐ | SV-100469r1_rule | The SLES for vRealize must implement address space layout randomization to protect its memory from unauthorized code execution. |
☐ | SV-100471r1_rule | The SLES for vRealize must verify correct operation of all security functions. |
☐ | SV-100473r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to access security objects occur. |
☐ | SV-100475r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to modify privileges occur. |
☐ | SV-100477r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to modify security objects occur. |
☐ | SV-100479r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to delete privileges occur. |
☐ | SV-100481r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful attempts to delete security objects occur. |
☐ | SV-100483r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful logon attempts occur. |
☐ | SV-100485r1_rule | The SLES for vRealize must generate audit records for privileged activities or other system-level access. |
☐ | SV-100487r1_rule | The SLES for vRealize audit system must be configured to audit the loading and unloading of dynamic kernel modules. |
☐ | SV-100489r1_rule | The SLES for vRealize must generate audit records showing starting and ending time for user access to the system. |
☐ | SV-100491r1_rule | The SLES for vRealize must generate audit records when concurrent logons to the same account occur from different sources. |
☐ | SV-100493r1_rule | The SLES for vRealize must generate audit records when successful/unsuccessful accesses to objects occur. |
☐ | SV-100495r1_rule | The SLES for vRealize audit system must be configured to audit failed attempts to access files and programs. |
☐ | SV-100497r1_rule | The SLES for vRealize audit system must be configured to audit failed attempts to access files and programs. |
☐ | SV-100499r1_rule | The SLES for vRealize audit system must be configured to audit user deletions of files and programs. |
☐ | SV-100501r1_rule | The SLES for vRealize audit system must be configured to audit file deletions. |
☐ | SV-100503r1_rule | SLES for vRealize audit logs must be rotated daily. |
☐ | SV-100505r1_rule | The SLES for vRealize must generate audit records for all direct access to the information system. |
☐ | SV-100507r1_rule | The SLES for vRealize must generate audit records for all account creations, modifications, disabling, and termination events. |
☐ | SV-100509r1_rule | The SLES for vRealize must generate audit records for all kernel module load, unload, and restart actions, and also for all program initiations. |
☐ | SV-100511r1_rule | The SLES for vRealize must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
☐ | SV-100513r1_rule | The SLES for vRealize must, at a minimum, off-load audit information on interconnected systems in real time and off-load standalone systems weekly. |
☐ | SV-100515r1_rule | The SLES for vRealize must prevent the use of dictionary words for passwords. |
☐ | SV-100517r1_rule | The SLES for vRealize must prevent the use of dictionary words for passwords. |
☐ | SV-100519r1_rule | The SLES for vRealize must prevent the use of dictionary words for passwords. |
☐ | SV-100521r1_rule | The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt. |
☐ | SV-100523r1_rule | The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt. |
☐ | SV-100525r1_rule | The SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt. |
☐ | SV-100527r1_rule | The SLES for vRealize must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |
☐ | SV-100529r1_rule | The SLES for vRealize must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. |
☐ | SV-100531r1_rule | The SLES for vRealize must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems. |