| V-258806 | High | The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
OpenSSH on the Photon operating system when... |
| V-258819 | High | The Photon operating system must not have the telnet package installed. | Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily... |
| V-258818 | High | The operating system must store only encrypted representations of passwords. | Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily... |
| V-258839 | High | The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools. | Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit... |
| V-258835 | High | The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access (e.g., RDP) is access to DOD nonpublic information systems by an... |
| V-258846 | High | The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation. | Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This... |
| V-258841 | High | The Photon operating system must enable symlink access control protection in the kernel. | By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower... |
| V-258857 | High | The Photon operating system must configure Secure Shell (SSH) to disallow HostbasedAuthentication. | SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. |
| V-258852 | High | The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher... |
| V-258864 | High | The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos. | Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This... |
| V-258900 | High | The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access (e.g., RDP) is access to DOD nonpublic information systems by an... |
| V-258871 | High | The Photon operating system must configure Secure Shell (SSH) to disable user environment processing. | Enabling user environment processing may enable users to bypass access restrictions in some configurations and must therefore be disabled. |
| V-258870 | High | The Photon operating system must configure Secure Shell (SSH) to disallow authentication with an empty password. | Blank passwords are one of the first things an attacker checks for when probing a system. Even if the user somehow has a blank password on the OS, SSH must not allow that user to log in. |
| V-258801 | Medium | The Photon operating system must audit all account creations. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create an... |
| V-258802 | Medium | The Photon operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by... |
| V-258803 | Medium | The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system. | Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal... |
| V-258805 | Medium | The Photon operating system must monitor remote access logins. | Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access... |
| V-258807 | Medium | The Photon operating system must configure auditd to log to disk. | Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
Audit record content must be... |
| V-258808 | Medium | The Photon operating system must enable the auditd service. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that... |
| V-258809 | Medium | The Photon operating system must be configured to audit the execution of privileged functions. | Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious... |
| V-258888 | Medium | The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An... |
| V-258889 | Medium | The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An... |
| V-258880 | Medium | The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists. | SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Individual users can have a local list of trusted remote machines, which... |
| V-258881 | Medium | The Photon operating system must configure Secure Shell (SSH) to ignore user-specific known_host files. | SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Individual users can have a local list of trusted remote machines, which... |
| V-258882 | Medium | The Photon operating system must configure Secure Shell (SSH) to limit the number of allowed login attempts per connection. | By setting the login attempt limit to a low value, an attacker will be forced to reconnect frequently, which severely limits the speed and effectiveness of brute-force attacks. |
| V-258883 | Medium | The Photon operating system must configure Secure Shell (SSH) to restrict AllowTcpForwarding. | While enabling TCP tunnels is a valuable function of sshd, this feature is not appropriate for use on single purpose appliances. |
| V-258884 | Medium | The Photon operating system must configure Secure Shell (SSH) to restrict LoginGraceTime. | By default, SSH unauthenticated connections are left open for two minutes before being closed. This setting is too permissive as no legitimate login would need such an amount of time to complete a... |
| V-258885 | Medium | The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line. | When the Ctrl-Alt-Del target is enabled, a locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a... |
| V-258886 | Medium | The Photon operating system must not forward IPv4 or IPv6 source-routed packets. | Source routing is an Internet Protocol mechanism that allows an IP packet to carry information, a list of addresses, that tells a router the path the packet must take. There is also an option to... |
| V-258887 | Medium | The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks. |
| V-258813 | Medium | The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. | The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the... |
| V-258812 | Medium | The Photon operating system must allow only authorized users to configure the auditd service. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured... |
| V-258811 | Medium | The Photon operating system must protect audit logs from unauthorized access. | Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
Audit information includes all information (e.g., audit... |
| V-258810 | Medium | The Photon operating system must alert the ISSO and SA in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an... |
| V-258817 | Medium | The Photon operating system must require the change of at least eight characters when passwords are changed. | If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for... |
| V-258816 | Medium | The Photon operating system must enforce password complexity by requiring that at least one numeric character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
| V-258815 | Medium | The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
| V-258814 | Medium | The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
| V-258899 | Medium | The Photon operating system must generate audit records for all access and modifications to the opasswd file. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. |
| V-258898 | Medium | The Photon operating system must disable systemd fallback DNS. | Systemd contains an ability to set fallback DNS servers, which is used for DNS lookups in the event no system level DNS servers are configured or other DNS servers are specified in the Systemd... |
| V-258893 | Medium | The Photon operating system must not perform IPv4 packet forwarding. | Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be... |
| V-258892 | Medium | The Photon operating system must use a reverse-path filter for IPv4 network traffic. | Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface they were received on. It should not be used on systems that are... |
| V-258891 | Medium | The Photon operating system must log IPv4 packets with impossible addresses. | The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these... |
| V-258890 | Medium | The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. | ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly... |
| V-258897 | Medium | The Photon operating system must enforce password complexity on the root account. | Password complexity rules must apply to all accounts on the system, including root. Without specifying the enforce_for_root flag, pam_pwquality does not apply complexity rules to the root user.... |
| V-258896 | Medium | The Photon operating system must be configured to protect the Secure Shell (SSH) private host key from unauthorized access. | If an unauthorized user obtains the private SSH host key file, the host could be impersonated. |
| V-258895 | Medium | The Photon operating system must be configured to protect the Secure Shell (SSH) public host key from unauthorized modification. | If a public host key file is modified by an unauthorized user, the SSH service may be compromised. |
| V-258894 | Medium | The Photon operating system must send TCP timestamps. | TCP timestamps are used to provide protection against wrapped sequence numbers. It is possible to calculate system uptime (and boot time) by analyzing TCP timestamps. These calculated uptimes can... |
| V-258826 | Medium | The Photon operating system must not have duplicate User IDs (UIDs). | To ensure accountability and prevent unauthenticated access, organizational users must be uniquely identified and authenticated to prevent potential misuse and provide for nonrepudiation. |
| V-258827 | Medium | The Photon operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. | Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be... |
| V-258824 | Medium | The Photon operating system must require authentication upon booting into single-user and maintenance modes. | If the system does not require authentication before it boots into single-user mode, anyone with console access to the system can trivially access all files on the system. GRUB2 is the boot loader... |
| V-258825 | Medium | The Photon operating system must disable unnecessary kernel modules. | It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often... |
| V-258822 | Medium | The Photon operating system must prohibit password reuse for a minimum of five generations. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the... |
| V-258823 | Medium | The Photon operating system must enforce a minimum 15-character password length. | The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
Password complexity, or strength, is a measure of the... |
| V-258820 | Medium | The Photon operating system must enforce one day as the minimum password lifetime. | Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and... |
| V-258821 | Medium | The Photon operating systems must enforce a 90-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force... |
| V-258828 | Medium | The Photon operating system must restrict access to the kernel message buffer. | Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user. |
| V-258829 | Medium | The Photon operating system must be configured to use TCP syncookies. | A TCP SYN flood attack can cause a Denial of Service (DOS) by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies can be used to track a connection when a... |
| V-258838 | Medium | The Photon operating system must enforce password complexity by requiring that at least one special character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting... |
| V-258831 | Medium | The Photon operating system /var/log directory must be restricted. | Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error messages needs to be carefully considered by... |
| V-258830 | Medium | The Photon operating system must terminate idle Secure Shell (SSH) sessions after 15 minutes. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port... |
| V-258833 | Medium | The Photon operating system must audit all account modifications. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to modify an... |
| V-258832 | Medium | The Photon operating system must reveal error messages only to authorized users. | Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or... |
| V-258834 | Medium | The Photon operating system must audit all account removal actions. | When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the operating system processes themselves. In... |
| V-258837 | Medium | The Photon operating system must protect audit tools from unauthorized access. | Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized... |
| V-258836 | Medium | The Photon operating system must initiate session audits at system startup. | If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is... |
| V-258848 | Medium | The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory... |
| V-258849 | Medium | The Photon operating system must remove all software components after updated versions have been installed. | Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products... |
| V-258847 | Medium | The Photon operating system must require users to reauthenticate for privilege escalation. | Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability,... |
| V-258840 | Medium | The operating system must automatically terminate a user session after inactivity time-outs have expired. | Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions... |
| V-258842 | Medium | The Photon operating system must audit the execution of privileged functions. | Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious... |
| V-258843 | Medium | The Photon operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
| V-258868 | Medium | The Photon operating system must audit all account modifications. | Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to modify an... |
| V-258869 | Medium | The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account. |
| V-258859 | Medium | The Photon operating system must prevent leaking information of the existence of a user account. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by... |
| V-258858 | Medium | The Photon operating system must be configured to use the pam_faillock.so module. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by... |
| V-258856 | Medium | The Photon operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. | Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access. |
| V-258855 | Medium | The Photon operating system must ensure audit events are flushed to disk at proper intervals. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that... |
| V-258854 | Medium | The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt in login.defs. | Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account. |
| V-258853 | Medium | The Photon operating system must prevent the use of dictionary words for passwords. | If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses... |
| V-258851 | Medium | The Photon operating system must be configured to audit the loading and unloading of dynamic kernel modules. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
| V-258850 | Medium | The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
| V-258862 | Medium | The Photon operating system must persist lockouts between system reboots. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by... |
| V-258863 | Medium | The Photon operating system must be configured to use the pam_pwquality.so module. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
| V-258860 | Medium | The Photon operating system must audit logon attempts for unknown users. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by... |
| V-258861 | Medium | The Photon operating system must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by... |
| V-258866 | Medium | The Photon operating system must enable Secure Shell (SSH) authentication logging. | Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.
The INFO... |
| V-258867 | Medium | The Photon operating system must terminate idle Secure Shell (SSH) sessions. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port... |
| V-258865 | Medium | The Photon operating system must configure the Secure Shell (SSH) SyslogFacility. | Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.
Shipping... |
| V-258901 | Medium | The Photon operating system must enable the rsyslog service. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| V-258903 | Medium | The Photon operating system must enable hardlink access control protection in the kernel. | By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on... |
| V-258902 | Medium | The Photon operating system must be configured to use the pam_pwhistory.so module. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the... |
| V-258904 | Medium | The Photon operating system must restrict core dumps. | By enabling the fs.suid_dumpable kernel parameter, core dumps are not generated for setuid or otherwise protected/tainted binaries. This prevents users from potentially accessing core dumps with... |
| V-258875 | Medium | The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding. | X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels. |
| V-258874 | Medium | The Photon operating system must configure Secure Shell (SSH) to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. | GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through Secure Shell (SSH) exposes the system's GSSAPI to remote... |
| V-258877 | Medium | The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication. | If Kerberos is enabled through SSH, sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementation may then be subject to... |
| V-258876 | Medium | The Photon operating system must configure Secure Shell (SSH) to perform strict mode checking of home directory configuration files. | If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user. |
| V-258873 | Medium | The Photon operating system must disable the debug-shell service. | The debug-shell service is intended to diagnose systemd related boot issues with various systemctl commands. Once enabled and following a system reboot, the root shell will be available on tty9.... |
| V-258872 | Medium | The Photon operating system must create a home directory for all new local interactive user accounts. | If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own. |
| V-258879 | Medium | The Photon operating system must configure Secure Shell (SSH) to display the last login immediately after authentication. | Providing users with feedback on the last time they logged on via SSH facilitates user recognition and reporting of unauthorized account use. |
| V-258878 | Medium | The Photon operating system must configure Secure Shell (SSH) to disallow compression of the encrypted session stream. | If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection. |
| V-258804 | Low | The Photon operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is... |
| V-258844 | Low | The Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility. | Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation and setting a reasonable number of logs to keep. This... |
| V-258845 | Low | The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion. |
