Содержание
Скачать 2.18 Mb.
|
| Comply | ||
| 6,190 | Operating system releases more than one release removed from the current release (Service Pack) SHALL NOT be used. | Comply |
| 6,191 | All systems SHALL display the appropriate proprietary message and warning upon login. | Comply |
| 6,192 | The “Guest” account SHALL remain disabled (this is the default setting). | Comply |
| 6,193 | The Guest and Install Administrator accounts SHALL be disabled, renamed and have a unique password defined. | Comply |
| 6,194 | Systems SHALL be set up with a 32 bit password protected screensaver enabled by default. | Comply |
| 6,195 | Systems SHALL be set to “Prompt for password on resume from hibernate/suspend”. | Comply |
| 6,196 | The default “Administrator” account SHALL be renamed to something other "Administrator". | Comply |
| 6,197 | A new dummy account called “Administrator” SHALL then be created, with a complex password and no rights and then be disabled. | Comply |
| 6,198 | Authentication Using Passwords | Comply |
| 6,199 | The “Maximum Password Age” SHALL be settable to no more than 180 days or six (6) calendar months. | Comply |
| 6,200 | The “Minimum Password Age” SHALL be set to “Allow Changes Immediately”. | Comply |
| 6,201 | In the “Minimum Password Length” box, “At Least x Characters” SHALL be set to at least 8. | Comply |
| 6,202 | The “Password Uniqueness” SHALL be set to at least “remember 12 passwords”. | Comply |
| 6,203 | “Account lockout” SHALL be set after no more than 9 bad attempts, with a reset after no less than 30 minutes. | Comply |
| 6,204 | “Lockout Duration” SHALL be configurable across the range 15 to 90 minutes. | Comply |
| 6,205 | “Lockout Duration” SHALL be configurable by authorized Administrative personnel. | Comply |
| 6,206 | If the “Hours” option is used to limit the entity’s access, the “forcibly disconnect remote entities from server when logon hours expire” option SHALL be selected. | Comply |
| 6,207 | Passwords on new accounts, or following an entity password reset by an administrator, SHALL be set to expire immediately, requiring the entity to change the password at the first login. | Comply |
| 6,208 | An account SHALL NOT be created where the password is the same as the account UserID. | Comply |
| 6,209 | The system SHALL enforce at least the following password format structure: at least one numeric, at least one alpha character, and SHALL NOT contain the account UserID in the password. | Comply |
| 6,210 | Audit logging MUST be enabled for at least the following events: Logon and logoff - success and failure. | Comply |
| 6,211 | Audit logging MUST be enabled for at least the following events: File and object access – failure. | Comply |
| 6,212 | Audit logging MUST be enabled for at least the following events: Use of user rights – failure. | Comply |
| 6,213 | Audit logging MUST be enabled for at least the following events: User and Group Management - success and failure. | Comply |
| 6,214 | Audit logging MUST be enabled for at least the following events: Security Policy Changes - success and failure. | Comply |
| 6,215 | Audit logging MUST be enabled for at least the following events: System events - success and failure. | Comply |
| 6,216 | Audit logging MUST be enabled for at least the following events: Process tracking – failure. | Comply |
| 6,217 | Audit logging MUST be enabled for at least the following events: Additional events as needed . | Comply |
| 6,218 | Services and Subsystem Security | Comply |
| 6,219 | Only those services and subsystems that are absolutely required are allowed, all others SHALL be disabled. | Comply |
| 6,220 | Services or subsystems that SHALL be disabled are: Trivial File Transfer (TFTP). | Comply |
| 6,221 | Services or subsystems that SHALL be disabled are: Finger. | Comply |
| 6,222 | The following services SHALL NOT be used: Anonymous File Transfer Protocol (FTP), unless providing public information. | Comply |
| 6,223 | The following services SHALL NOT be used: Network Information System (NIS). However, NIS+ can be used. | Comply |
| 6,224 | The following services SHALL NOT be used: Network File System (NFS). | Comply |
| 6,225 | The following services SHALL NOT be used: Remote Access Service (RAS) Server. | Comply |
| 6,226 | The following services SHALL NOT be used: Berkeley Software Design (BSD™) r* commands. | Comply |
| 6,227 | The following services SHALL NOT be used: ECHO . | Comply |
| 6,228 | The following services SHALL NOT be used: Chargen. | Comply |
| 6,229 | FTP | Comply |
| 6,230 | If the FTP server service is needed, it SHALL be configured as follows: The appropriate notice SHALL be displayed upon connection. | Comply |
| 6,231 | If the FTP service needs to run on a system, it is recommended that it be assigned a complete disk partition as the FTP directory, rather than using a directory on a partition containing other information. | Comply |
| 6,232 | To help prevent denial of service attacks the FTP server MUST be configured for only a limited number of connections. | Comply |
| 6,233 | An FTP server SHALL display the appropriate proprietary banner and notice. | Comply |
| 6,234 | Hyper Text Transfer Protocol (HTTP) Server Service | Comply |
| 6,235 | To help prevent denial of service attacks the HTTP server MUST be configured for only a limited number of connections. | Comply |
| 6,236 | Redundancy and reliability have an impact on system availability and thus affect the security of the system. The following requirements apply to all located devices. | Comply |
| 6,237 | The device SHALL provide measures to combat common Denial of Service (DoS) attacks, notably TCP SYN flood and Smurf attacks. | Comply |
| 6,238 | The device MUST provide measures to mitigate Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks associated with control plane traffic. | Comply |
| 6,239 | The device SHALL support protection for control packets for each routing protocol against DDoS flood. | Comply |
| 6,240 | The device SHALL use separate queues for control packets for every control and routing protocol and implementation MUST be such that attacks on a particular type of control/routing traffic should not impact other control and routing traffic. | Comply |
| 6,241 | The device SHALL monitor unusual levels of control traffic and apply rate limits on per protocol basis. | Comply |
| 6,242 | In case of high CPU utilization, system elements SHALL ensure that authorized SNMP surveillance traffic and any other real time platform management interface have priority over all other traffic. |
Похожие:
 | Пояснительные записки, тематическое планирование и тексты учебных пособий Летней физико-математической школы. 2002 и 2003 гг | | Общие требования к первой (предквалификационной) и второй частям заявок (содержание, оформление, подача, изменение, отзыв) 15 |
| Общие требования к первой (предквалификационной) и второй частям заявок (содержание, оформление, подача, изменение, отзыв) 15 | | В соответствии с решением Совета депутатов г. Мурманска от 26. 12. 2006 года №30-357 «Об организации дошкольного образования и родительской... |
 | В соответствии с решением Совета депутатов г. Мурманска от 26. 12. 2006 года №30-357 «Об организации дошкольного образования и родительской... | | Научное содержание нир, оформленное по образцу научной публикации (объемом до 15 машинописных страниц, через 1,5 интервала) |
| Неправильное составление договора или неполное содержание влечёт за собой проблемы различного характера | | Разъяснения по выгрузке информации о прекращении банковской гарантии в иных, отличных от окончания срока гарантии случаях. 145 |
| Характеристики, структура и содержание Раздел Характеристики, структура и содержание учебной дисциплины | | Суть и содержание понятия «маркетинг». Цели, задачи, объект и предмет маркетинга. Эволюция содержания маркетинга |