From c778a1885cfa7691366310d7e24263ecf660ed7d Mon Sep 17 00:00:00 2001 From: kemley76 Date: Fri, 31 May 2024 09:46:26 -0400 Subject: [PATCH 01/74] use severity tag in hdf2ckl mapping Signed-off-by: kemley76 --- .../src/ckl-mapper/checklist-jsonix-converter.ts | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 51f86f05a2..4fa11ed7d7 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -576,7 +576,14 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< } } - severityMap(impact: number): Severity { + severityMap(impact: number, severityTag: string): Severity { + severityTag = severityTag.toLowerCase(); + if ( + severityTag != '' && + (Object.values(Severity) as string[]).includes(severityTag) + ) { + return severityTag as Severity; + } if (impact < 0.4) { return Severity.Low; } else if (impact < 0.7) { @@ -686,7 +693,10 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< metadata?.vulidmapping === 'gid' ? _.get(control.tags, 'gid', defaultId) : defaultId, - severity: this.severityMap(control.impact), + severity: this.severityMap( + control.impact, + _.get(control.tags, 'severity') + ), groupTitle: _.get(control.tags, 'gtitle', defaultId), ruleId: _.get(control.tags, 'rid', defaultId), ruleVer: _.get(control.tags, 'stig_id', defaultId), From 209a77b360d286120e857ad0a26c6ef5983c5cbf Mon Sep 17 00:00:00 2001 From: kemley76 Date: Fri, 31 May 2024 10:12:36 -0400 Subject: [PATCH 02/74] use default values in severity check Signed-off-by: kemley76 --- .../src/ckl-mapper/checklist-jsonix-converter.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 4fa11ed7d7..30da709ab5 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -579,7 +579,7 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< severityMap(impact: number, severityTag: string): Severity { severityTag = severityTag.toLowerCase(); if ( - severityTag != '' && + severityTag != Severity.Empty && (Object.values(Severity) as string[]).includes(severityTag) ) { return severityTag as Severity; @@ -695,7 +695,7 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< : defaultId, severity: this.severityMap( control.impact, - _.get(control.tags, 'severity') + _.get(control.tags, 'severity', Severity.Empty) ), groupTitle: _.get(control.tags, 'gtitle', defaultId), ruleId: _.get(control.tags, 'rid', defaultId), From ac6c3783c0318acbc6a5481b3ac4da0f4a596526 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Fri, 31 May 2024 12:39:43 -0400 Subject: [PATCH 03/74] update hdf2ckl test Signed-off-by: kemley76 --- .../converted-rhel8_sample_oneOfEachControlStatus.ckl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl index a45b0dcdc0..c8b848b6c7 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl @@ -377,7 +377,7 @@ expected: "2.9-9.el8_6" Severity - low + high Group_Title From d6c6d50c234f33a77b4ea0d3f24bd79aebb00de7 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Wed, 5 Jun 2024 11:56:39 -0400 Subject: [PATCH 04/74] fix inconsistencies with how severity is computed and displayed Signed-off-by: kemley76 --- .../cards/controltable/ControlRowDetails.vue | 2 +- .../cards/controltable/ControlRowHeader.vue | 14 +++++++++++++- .../components/cards/controltable/ControlTable.vue | 10 ++++------ .../src/ckl-mapper/checklist-jsonix-converter.ts | 2 +- .../src/ckl-mapper/checklist-mapper.ts | 1 + libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts | 4 ++++ 6 files changed, 24 insertions(+), 9 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue b/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue index 3e73e447fe..339ae8904d 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue @@ -253,7 +253,7 @@ export default class ControlRowDetails extends mixins(HtmlSanitizeMixin) { } return Array.from(detailsMap, ([name, value]) => ({name, value})).filter( - (v) => v.value + (v) => v.value !== undefined ); } diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index db88d9cf85..062f4bc921 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -43,7 +43,7 @@
@@ -205,6 +205,18 @@ export default class ControlRowHeader extends mixins(HtmlSanitizeMixin) { ); } + impact_arrow_count(impact: number): number { + if (impact < 0.1) + return 0; + if (impact < 0.4) + return 1; + if (impact < 0.7) + return 2; + if (impact < 0.9) + return 3; + return 4; + } + severity_arrow_count(severity: string): number { switch (severity) { case 'low': diff --git a/apps/frontend/src/components/cards/controltable/ControlTable.vue b/apps/frontend/src/components/cards/controltable/ControlTable.vue index c23f4b58dc..000d22dde2 100644 --- a/apps/frontend/src/components/cards/controltable/ControlTable.vue +++ b/apps/frontend/src/components/cards/controltable/ControlTable.vue @@ -166,9 +166,9 @@ interface ListElt { filename: string; - // Computed values for status and severity "value", for sorting + // Computed values for status and impact, for sorting status_val: number; - severity_val: number; + impact_val: number; control: ContextualizedControl; } @@ -361,9 +361,7 @@ export default class ControlTable extends Vue { 'Profile Error', 'Failed' ].indexOf(d.root.hdf.status), - severity_val: ['none', 'low', 'medium', 'high', 'critical'].indexOf( - d.root.hdf.severity - ), + impact_val: d.root.data.impact, filename: _.get( d, 'sourcedFrom.sourcedFrom.from_file.filename' @@ -401,7 +399,7 @@ export default class ControlTable extends Vue { this.sortSeverity === 'ascending' || this.sortSeverity === 'descending' ) { - cmp = (a: ListElt, b: ListElt) => a.severity_val - b.severity_val; + cmp = (a: ListElt, b: ListElt) => a.impact_val - b.impact_val; if (this.sortSeverity === 'ascending') { factor = -1; } diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 30da709ab5..1ad1da0f72 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -579,7 +579,7 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< severityMap(impact: number, severityTag: string): Severity { severityTag = severityTag.toLowerCase(); if ( - severityTag != Severity.Empty && + severityTag !== Severity.Empty && (Object.values(Severity) as string[]).includes(severityTag) ) { return severityTag as Severity; diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts index f768fa48ff..486a64c8c5 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts @@ -406,6 +406,7 @@ export class ChecklistMapper extends BaseConverter { path: 'cciRef', transformer: nistTag }, + severity: {path: 'severity'}, weight: {path: 'weight'}, // following transform takes the available attributes found in a checklist vuln and if available will add to the tags. // first element is the label name as it will appear in UI while the second is the ChecklistObject keyname diff --git a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts index 4b35123c81..c506e1e079 100644 --- a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts +++ b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts @@ -164,6 +164,10 @@ abstract class HDFControl10 implements HDFControl { private static compute_severity( raw: ResultControl_1_0 | ProfileControl_1_0 ): Severity { + if (['none', 'low', 'medium', 'high', 'critical'].includes(raw.tags['severity'])) { + return raw.tags['severity']; + } + if (raw.impact < 0.1) { return 'none'; } else if (raw.impact < 0.4) { From e0f18f2b285fee96e4ed29ae3ca4433fa6c061b7 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Wed, 5 Jun 2024 11:57:42 -0400 Subject: [PATCH 05/74] linting Signed-off-by: kemley76 --- .../cards/controltable/ControlRowHeader.vue | 12 ++++-------- libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts | 6 +++++- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index 062f4bc921..21ed91ef7d 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -206,14 +206,10 @@ export default class ControlRowHeader extends mixins(HtmlSanitizeMixin) { } impact_arrow_count(impact: number): number { - if (impact < 0.1) - return 0; - if (impact < 0.4) - return 1; - if (impact < 0.7) - return 2; - if (impact < 0.9) - return 3; + if (impact < 0.1) return 0; + if (impact < 0.4) return 1; + if (impact < 0.7) return 2; + if (impact < 0.9) return 3; return 4; } diff --git a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts index c506e1e079..5003580f78 100644 --- a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts +++ b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts @@ -164,7 +164,11 @@ abstract class HDFControl10 implements HDFControl { private static compute_severity( raw: ResultControl_1_0 | ProfileControl_1_0 ): Severity { - if (['none', 'low', 'medium', 'high', 'critical'].includes(raw.tags['severity'])) { + if ( + ['none', 'low', 'medium', 'high', 'critical'].includes( + raw.tags['severity'] + ) + ) { return raw.tags['severity']; } From fa53293622ddb64966dc838758a56f8ba994fd3e Mon Sep 17 00:00:00 2001 From: kemley76 Date: Wed, 5 Jun 2024 12:19:11 -0400 Subject: [PATCH 06/74] add clarifying comments for severity computation Signed-off-by: kemley76 --- .../src/ckl-mapper/checklist-jsonix-converter.ts | 3 +++ libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts | 2 ++ 2 files changed, 5 insertions(+) diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 1ad1da0f72..3a3c7f22f7 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -579,11 +579,14 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< severityMap(impact: number, severityTag: string): Severity { severityTag = severityTag.toLowerCase(); if ( + // test if this control has a valid severity tag severityTag !== Severity.Empty && (Object.values(Severity) as string[]).includes(severityTag) ) { return severityTag as Severity; } + + // otherwise, compute severity based on impact if (impact < 0.4) { return Severity.Low; } else if (impact < 0.7) { diff --git a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts index 5003580f78..1c56c490f3 100644 --- a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts +++ b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts @@ -165,6 +165,7 @@ abstract class HDFControl10 implements HDFControl { raw: ResultControl_1_0 | ProfileControl_1_0 ): Severity { if ( + // use severity tag if it exists ['none', 'low', 'medium', 'high', 'critical'].includes( raw.tags['severity'] ) @@ -172,6 +173,7 @@ abstract class HDFControl10 implements HDFControl { return raw.tags['severity']; } + // otherwise, compute severity with impact if (raw.impact < 0.1) { return 'none'; } else if (raw.impact < 0.4) { From fb1093eb443d42e3f3bcec26087f1c5b832f8a4b Mon Sep 17 00:00:00 2001 From: kemley76 Date: Wed, 12 Jun 2024 09:29:03 -0400 Subject: [PATCH 07/74] update ckl2hdf tests --- .../checklist-RHEL8V1R3-hdf-with-raw.json | 385 +++++++- .../checklist-RHEL8V1R3-hdf.json | 385 +++++++- .../three_stig_checklist-hdf.json | 890 +++++++++++++++++- 3 files changed, 1647 insertions(+), 13 deletions(-) diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json index 3740c4e6c5..33b2a33882 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.1" + "release": "2.10.8" }, - "version": "2.10.1", + "version": "2.10.8", "statistics": {}, "profiles": [ { @@ -29,6 +29,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -69,6 +70,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -109,6 +111,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -149,6 +152,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -189,6 +193,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -229,6 +234,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -269,6 +275,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -309,6 +316,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -349,6 +357,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -389,6 +398,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -429,6 +439,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -469,6 +480,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -509,6 +521,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -549,6 +562,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -589,6 +603,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -629,6 +644,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -669,6 +685,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -709,6 +726,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -749,6 +767,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -789,6 +808,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -829,6 +849,7 @@ "nist": [ "SC-3" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -869,6 +890,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -909,6 +931,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -949,6 +972,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -989,6 +1013,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1029,6 +1054,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1069,6 +1095,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1109,6 +1136,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1149,6 +1177,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1189,6 +1218,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1229,6 +1259,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1269,6 +1300,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1309,6 +1341,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1349,6 +1382,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1389,6 +1423,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1429,6 +1464,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1469,6 +1505,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1509,6 +1546,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1549,6 +1587,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1589,6 +1628,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1629,6 +1669,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1669,6 +1710,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1709,6 +1751,7 @@ "nist": [ "CM-3 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1749,6 +1792,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1789,6 +1833,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1829,6 +1874,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1869,6 +1915,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1909,6 +1956,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1949,6 +1997,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1989,6 +2038,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2029,6 +2079,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2069,6 +2120,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2109,6 +2161,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2149,6 +2202,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2189,6 +2243,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2229,6 +2284,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2269,6 +2325,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2309,6 +2366,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2349,6 +2407,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2389,6 +2448,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2429,6 +2489,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2469,6 +2530,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2509,6 +2571,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2549,6 +2612,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2589,6 +2653,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2629,6 +2694,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2669,6 +2735,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2709,6 +2776,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2749,6 +2817,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2789,6 +2858,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2829,6 +2899,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2869,6 +2940,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2909,6 +2981,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2949,6 +3022,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2989,6 +3063,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3029,6 +3104,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3069,6 +3145,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3109,6 +3186,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3149,6 +3227,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3189,6 +3268,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3229,6 +3309,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3269,6 +3350,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3309,6 +3391,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3349,6 +3432,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3389,6 +3473,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3429,6 +3514,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3469,6 +3555,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3509,6 +3596,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3549,6 +3637,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3589,6 +3678,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3629,6 +3719,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3669,6 +3760,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3709,6 +3801,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3749,6 +3842,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3789,6 +3883,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3829,6 +3924,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3869,6 +3965,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3909,6 +4006,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3949,6 +4047,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3989,6 +4088,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4029,6 +4129,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4069,6 +4170,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4109,6 +4211,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4149,6 +4252,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4189,6 +4293,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4229,6 +4334,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4269,6 +4375,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4309,6 +4416,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4349,6 +4457,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4389,6 +4498,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4429,6 +4539,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4469,6 +4580,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4509,6 +4621,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4549,6 +4662,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4589,6 +4703,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4629,6 +4744,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4669,6 +4785,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4709,6 +4826,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4749,6 +4867,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4789,6 +4908,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4829,6 +4949,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4869,6 +4990,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4909,6 +5031,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4949,6 +5072,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4989,6 +5113,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5029,6 +5154,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5069,6 +5195,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5109,6 +5236,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5149,6 +5277,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5189,6 +5318,7 @@ "nist": [ "AC-11 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5229,6 +5359,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5269,6 +5400,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5309,6 +5441,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5349,6 +5482,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5389,6 +5523,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5429,6 +5564,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5469,6 +5605,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5509,6 +5646,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5549,6 +5687,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5589,6 +5728,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5629,6 +5769,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5669,6 +5810,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5709,6 +5851,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5749,6 +5892,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5789,6 +5933,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5829,6 +5974,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5869,6 +6015,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5909,6 +6056,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5949,6 +6097,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5989,6 +6138,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6029,6 +6179,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6069,6 +6220,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6109,6 +6261,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6149,6 +6302,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6189,6 +6343,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6229,6 +6384,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6269,6 +6425,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6309,6 +6466,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6349,6 +6507,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6389,6 +6548,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6429,6 +6589,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6469,6 +6630,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6509,6 +6671,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6549,6 +6712,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6589,6 +6753,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6629,6 +6794,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6669,6 +6835,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6709,6 +6876,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6749,6 +6917,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6789,6 +6958,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6829,6 +6999,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6869,6 +7040,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6909,6 +7081,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6949,6 +7122,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6989,6 +7163,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7029,6 +7204,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7069,6 +7245,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7109,6 +7286,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7149,6 +7327,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7189,6 +7368,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7229,6 +7409,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7269,6 +7450,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7309,6 +7491,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7349,6 +7532,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7389,6 +7573,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7429,6 +7614,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7469,6 +7655,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7509,6 +7696,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7549,6 +7737,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7589,6 +7778,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7629,6 +7819,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7669,6 +7860,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7709,6 +7901,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7749,6 +7942,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7789,6 +7983,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7829,6 +8024,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7869,6 +8065,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7909,6 +8106,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7949,6 +8147,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7989,6 +8188,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8029,6 +8229,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8069,6 +8270,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8109,6 +8311,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8149,6 +8352,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8189,6 +8393,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8229,6 +8434,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8269,6 +8475,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8309,6 +8516,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8349,6 +8557,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8389,6 +8598,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8429,6 +8639,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8469,6 +8680,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8509,6 +8721,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8549,6 +8762,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8589,6 +8803,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8629,6 +8844,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8669,6 +8885,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8709,6 +8926,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8749,6 +8967,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8789,6 +9008,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8829,6 +9049,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8869,6 +9090,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8909,6 +9131,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8949,6 +9172,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8989,6 +9213,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9029,6 +9254,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9069,6 +9295,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9109,6 +9336,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9149,6 +9377,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9189,6 +9418,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9229,6 +9459,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9269,6 +9500,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9309,6 +9541,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9349,6 +9582,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9389,6 +9623,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9429,6 +9664,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9469,6 +9705,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9509,6 +9746,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9549,6 +9787,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9589,6 +9828,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9629,6 +9869,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9669,6 +9910,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9709,6 +9951,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9749,6 +9992,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9789,6 +10033,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9829,6 +10074,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9869,6 +10115,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9909,6 +10156,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9949,6 +10197,7 @@ "nist": [ "AU-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9989,6 +10238,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10029,6 +10279,7 @@ "nist": [ "AU-12 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10069,6 +10320,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10109,6 +10361,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10149,6 +10402,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10189,6 +10443,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10229,6 +10484,7 @@ "nist": [ "AU-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10269,6 +10525,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10309,6 +10566,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10349,6 +10607,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10389,6 +10648,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10429,6 +10689,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10469,6 +10730,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10509,6 +10771,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10549,6 +10812,7 @@ "nist": [ "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10589,6 +10853,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10629,6 +10894,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10669,6 +10935,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10709,6 +10976,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10749,6 +11017,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10789,6 +11058,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10829,6 +11099,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10869,6 +11140,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10909,6 +11181,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10949,6 +11222,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10989,6 +11263,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11029,6 +11304,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11069,6 +11345,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11109,6 +11386,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11149,6 +11427,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11189,6 +11468,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11229,6 +11509,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11269,6 +11550,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11309,6 +11591,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11349,6 +11632,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11389,6 +11673,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11429,6 +11714,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11469,6 +11755,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11509,6 +11796,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11549,6 +11837,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11589,6 +11878,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11629,6 +11919,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11669,6 +11960,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11709,6 +12001,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11749,6 +12042,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11789,6 +12083,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11829,6 +12124,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11869,6 +12165,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11909,6 +12206,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11949,6 +12247,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11989,6 +12288,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12029,6 +12329,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12069,6 +12370,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12109,6 +12411,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12149,6 +12452,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12189,6 +12493,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12229,6 +12534,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12269,6 +12575,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12309,6 +12616,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12349,6 +12657,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12389,6 +12698,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12429,6 +12739,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12469,6 +12780,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12509,6 +12821,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12549,6 +12862,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12589,6 +12903,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12629,6 +12944,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12669,6 +12985,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12709,6 +13026,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12749,6 +13067,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12789,6 +13108,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12829,6 +13149,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12869,6 +13190,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12909,6 +13231,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12949,6 +13272,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12989,6 +13313,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13029,6 +13354,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13069,6 +13395,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13109,6 +13436,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13149,6 +13477,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13189,6 +13518,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13229,6 +13559,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13269,6 +13600,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13309,6 +13641,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13349,6 +13682,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13389,6 +13723,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13429,6 +13764,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13469,6 +13805,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13509,6 +13846,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13549,6 +13887,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13589,6 +13928,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13629,6 +13969,7 @@ "nist": [ "AC-6 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13669,6 +14010,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13709,6 +14051,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13749,6 +14092,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13789,6 +14133,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13829,6 +14174,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13869,6 +14215,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13909,6 +14256,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13949,6 +14297,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13989,6 +14338,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14029,6 +14379,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14069,6 +14420,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14109,6 +14461,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14149,6 +14502,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14189,6 +14543,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14229,6 +14584,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14269,6 +14625,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14309,6 +14666,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14349,6 +14707,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14389,6 +14748,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14429,6 +14789,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14469,6 +14830,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14509,6 +14871,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14549,6 +14912,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14589,6 +14953,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14629,6 +14994,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14669,6 +15035,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14709,6 +15076,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14749,6 +15117,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14789,6 +15158,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14829,6 +15199,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14869,6 +15240,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14909,6 +15281,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14949,6 +15322,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14989,6 +15363,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15029,6 +15404,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15069,6 +15445,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15109,6 +15486,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15149,6 +15527,7 @@ "nist": [ "SI-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15178,7 +15557,7 @@ ] } ], - "sha256": "26f379f219eaff4c05580e7e4524d88f106f588d65426733aeeebb4e1ff6b3f1" + "sha256": "08034dcfc6ba3541b6d167c9cbaa8e4b67683e70414542af441959d2ee3be74c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json index 3740c4e6c5..33b2a33882 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.1" + "release": "2.10.8" }, - "version": "2.10.1", + "version": "2.10.8", "statistics": {}, "profiles": [ { @@ -29,6 +29,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -69,6 +70,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -109,6 +111,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -149,6 +152,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -189,6 +193,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -229,6 +234,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -269,6 +275,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -309,6 +316,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -349,6 +357,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -389,6 +398,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -429,6 +439,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -469,6 +480,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -509,6 +521,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -549,6 +562,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -589,6 +603,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -629,6 +644,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -669,6 +685,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -709,6 +726,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -749,6 +767,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -789,6 +808,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -829,6 +849,7 @@ "nist": [ "SC-3" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -869,6 +890,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -909,6 +931,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -949,6 +972,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -989,6 +1013,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1029,6 +1054,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1069,6 +1095,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1109,6 +1136,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1149,6 +1177,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1189,6 +1218,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1229,6 +1259,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1269,6 +1300,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1309,6 +1341,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1349,6 +1382,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1389,6 +1423,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1429,6 +1464,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1469,6 +1505,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1509,6 +1546,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1549,6 +1587,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1589,6 +1628,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1629,6 +1669,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1669,6 +1710,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1709,6 +1751,7 @@ "nist": [ "CM-3 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1749,6 +1792,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1789,6 +1833,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1829,6 +1874,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1869,6 +1915,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1909,6 +1956,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1949,6 +1997,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1989,6 +2038,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2029,6 +2079,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2069,6 +2120,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2109,6 +2161,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2149,6 +2202,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2189,6 +2243,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2229,6 +2284,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2269,6 +2325,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2309,6 +2366,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2349,6 +2407,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2389,6 +2448,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2429,6 +2489,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2469,6 +2530,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2509,6 +2571,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2549,6 +2612,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2589,6 +2653,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2629,6 +2694,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2669,6 +2735,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2709,6 +2776,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2749,6 +2817,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2789,6 +2858,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2829,6 +2899,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2869,6 +2940,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2909,6 +2981,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2949,6 +3022,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2989,6 +3063,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3029,6 +3104,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3069,6 +3145,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3109,6 +3186,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3149,6 +3227,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3189,6 +3268,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3229,6 +3309,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3269,6 +3350,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3309,6 +3391,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3349,6 +3432,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3389,6 +3473,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3429,6 +3514,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3469,6 +3555,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3509,6 +3596,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3549,6 +3637,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3589,6 +3678,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3629,6 +3719,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3669,6 +3760,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3709,6 +3801,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3749,6 +3842,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3789,6 +3883,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3829,6 +3924,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3869,6 +3965,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3909,6 +4006,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3949,6 +4047,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3989,6 +4088,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4029,6 +4129,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4069,6 +4170,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4109,6 +4211,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4149,6 +4252,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4189,6 +4293,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4229,6 +4334,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4269,6 +4375,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4309,6 +4416,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4349,6 +4457,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4389,6 +4498,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4429,6 +4539,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4469,6 +4580,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4509,6 +4621,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4549,6 +4662,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4589,6 +4703,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4629,6 +4744,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4669,6 +4785,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4709,6 +4826,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4749,6 +4867,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4789,6 +4908,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4829,6 +4949,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4869,6 +4990,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4909,6 +5031,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4949,6 +5072,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4989,6 +5113,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5029,6 +5154,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5069,6 +5195,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5109,6 +5236,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5149,6 +5277,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5189,6 +5318,7 @@ "nist": [ "AC-11 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5229,6 +5359,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5269,6 +5400,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5309,6 +5441,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5349,6 +5482,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5389,6 +5523,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5429,6 +5564,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5469,6 +5605,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5509,6 +5646,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5549,6 +5687,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5589,6 +5728,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5629,6 +5769,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5669,6 +5810,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5709,6 +5851,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5749,6 +5892,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5789,6 +5933,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5829,6 +5974,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5869,6 +6015,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5909,6 +6056,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5949,6 +6097,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5989,6 +6138,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6029,6 +6179,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6069,6 +6220,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6109,6 +6261,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6149,6 +6302,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6189,6 +6343,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6229,6 +6384,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6269,6 +6425,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6309,6 +6466,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6349,6 +6507,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6389,6 +6548,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6429,6 +6589,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6469,6 +6630,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6509,6 +6671,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6549,6 +6712,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6589,6 +6753,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6629,6 +6794,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6669,6 +6835,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6709,6 +6876,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6749,6 +6917,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6789,6 +6958,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6829,6 +6999,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6869,6 +7040,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6909,6 +7081,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6949,6 +7122,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6989,6 +7163,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7029,6 +7204,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7069,6 +7245,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7109,6 +7286,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7149,6 +7327,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7189,6 +7368,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7229,6 +7409,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7269,6 +7450,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7309,6 +7491,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7349,6 +7532,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7389,6 +7573,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7429,6 +7614,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7469,6 +7655,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7509,6 +7696,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7549,6 +7737,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7589,6 +7778,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7629,6 +7819,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7669,6 +7860,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7709,6 +7901,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7749,6 +7942,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7789,6 +7983,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7829,6 +8024,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7869,6 +8065,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7909,6 +8106,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7949,6 +8147,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7989,6 +8188,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8029,6 +8229,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8069,6 +8270,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8109,6 +8311,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8149,6 +8352,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8189,6 +8393,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8229,6 +8434,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8269,6 +8475,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8309,6 +8516,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8349,6 +8557,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8389,6 +8598,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8429,6 +8639,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8469,6 +8680,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8509,6 +8721,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8549,6 +8762,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8589,6 +8803,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8629,6 +8844,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8669,6 +8885,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8709,6 +8926,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8749,6 +8967,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8789,6 +9008,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8829,6 +9049,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8869,6 +9090,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8909,6 +9131,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8949,6 +9172,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8989,6 +9213,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9029,6 +9254,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9069,6 +9295,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9109,6 +9336,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9149,6 +9377,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9189,6 +9418,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9229,6 +9459,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9269,6 +9500,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9309,6 +9541,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9349,6 +9582,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9389,6 +9623,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9429,6 +9664,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9469,6 +9705,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9509,6 +9746,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9549,6 +9787,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9589,6 +9828,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9629,6 +9869,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9669,6 +9910,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9709,6 +9951,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9749,6 +9992,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9789,6 +10033,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9829,6 +10074,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9869,6 +10115,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9909,6 +10156,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9949,6 +10197,7 @@ "nist": [ "AU-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9989,6 +10238,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10029,6 +10279,7 @@ "nist": [ "AU-12 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10069,6 +10320,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10109,6 +10361,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10149,6 +10402,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10189,6 +10443,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10229,6 +10484,7 @@ "nist": [ "AU-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10269,6 +10525,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10309,6 +10566,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10349,6 +10607,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10389,6 +10648,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10429,6 +10689,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10469,6 +10730,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10509,6 +10771,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10549,6 +10812,7 @@ "nist": [ "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10589,6 +10853,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10629,6 +10894,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10669,6 +10935,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10709,6 +10976,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10749,6 +11017,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10789,6 +11058,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10829,6 +11099,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10869,6 +11140,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10909,6 +11181,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10949,6 +11222,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10989,6 +11263,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11029,6 +11304,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11069,6 +11345,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11109,6 +11386,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11149,6 +11427,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11189,6 +11468,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11229,6 +11509,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11269,6 +11550,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11309,6 +11591,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11349,6 +11632,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11389,6 +11673,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11429,6 +11714,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11469,6 +11755,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11509,6 +11796,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11549,6 +11837,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11589,6 +11878,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11629,6 +11919,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11669,6 +11960,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11709,6 +12001,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11749,6 +12042,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11789,6 +12083,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11829,6 +12124,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11869,6 +12165,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11909,6 +12206,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11949,6 +12247,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11989,6 +12288,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12029,6 +12329,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12069,6 +12370,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12109,6 +12411,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12149,6 +12452,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12189,6 +12493,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12229,6 +12534,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12269,6 +12575,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12309,6 +12616,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12349,6 +12657,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12389,6 +12698,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12429,6 +12739,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12469,6 +12780,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12509,6 +12821,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12549,6 +12862,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12589,6 +12903,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12629,6 +12944,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12669,6 +12985,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12709,6 +13026,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12749,6 +13067,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12789,6 +13108,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12829,6 +13149,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12869,6 +13190,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12909,6 +13231,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12949,6 +13272,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12989,6 +13313,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13029,6 +13354,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13069,6 +13395,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13109,6 +13436,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13149,6 +13477,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13189,6 +13518,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13229,6 +13559,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13269,6 +13600,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13309,6 +13641,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13349,6 +13682,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13389,6 +13723,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13429,6 +13764,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13469,6 +13805,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13509,6 +13846,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13549,6 +13887,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13589,6 +13928,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13629,6 +13969,7 @@ "nist": [ "AC-6 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13669,6 +14010,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13709,6 +14051,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13749,6 +14092,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13789,6 +14133,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13829,6 +14174,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13869,6 +14215,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13909,6 +14256,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13949,6 +14297,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13989,6 +14338,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14029,6 +14379,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14069,6 +14420,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14109,6 +14461,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14149,6 +14502,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14189,6 +14543,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14229,6 +14584,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14269,6 +14625,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14309,6 +14666,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14349,6 +14707,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14389,6 +14748,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14429,6 +14789,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14469,6 +14830,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14509,6 +14871,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14549,6 +14912,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14589,6 +14953,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14629,6 +14994,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14669,6 +15035,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14709,6 +15076,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14749,6 +15117,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14789,6 +15158,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14829,6 +15199,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14869,6 +15240,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14909,6 +15281,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14949,6 +15322,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14989,6 +15363,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15029,6 +15404,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15069,6 +15445,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15109,6 +15486,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15149,6 +15527,7 @@ "nist": [ "SI-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15178,7 +15557,7 @@ ] } ], - "sha256": "26f379f219eaff4c05580e7e4524d88f106f588d65426733aeeebb4e1ff6b3f1" + "sha256": "08034dcfc6ba3541b6d167c9cbaa8e4b67683e70414542af441959d2ee3be74c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json index 7c41b63abe..ecc40fe304 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json @@ -1,14 +1,14 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.1" + "release": "2.10.8" }, - "version": "2.10.1", + "version": "2.10.8", "statistics": {}, "profiles": [ { "name": "Parent Profile", - "version": "2.10.1", + "version": "2.10.8", "supports": [], "attributes": [], "groups": [], @@ -36,6 +36,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -76,6 +77,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -116,6 +118,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -156,6 +159,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -196,6 +200,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -236,6 +241,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -276,6 +282,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -316,6 +323,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -356,6 +364,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -396,6 +405,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -436,6 +446,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -476,6 +487,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -516,6 +528,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -556,6 +569,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -596,6 +610,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -636,6 +651,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -676,6 +692,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -716,6 +733,7 @@ "nist": [ "AC-3 (7)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -756,6 +774,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -796,6 +815,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -836,6 +856,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -876,6 +897,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -916,6 +938,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -956,6 +979,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -996,6 +1020,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1036,6 +1061,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1076,6 +1102,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1116,6 +1143,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1156,6 +1184,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1196,6 +1225,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1236,6 +1266,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1276,6 +1307,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1316,6 +1348,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1358,6 +1391,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1400,6 +1434,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1440,6 +1475,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1480,6 +1516,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1520,6 +1557,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1560,6 +1598,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1600,6 +1639,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1640,6 +1680,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1680,6 +1721,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1720,6 +1762,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1760,6 +1803,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1800,6 +1844,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1840,6 +1885,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1880,6 +1926,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1920,6 +1967,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1960,6 +2008,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2000,6 +2049,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2040,6 +2090,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2080,6 +2131,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2120,6 +2172,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2160,6 +2213,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2200,6 +2254,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2240,6 +2295,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2280,6 +2336,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2320,6 +2377,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2360,6 +2418,7 @@ "nist": [ "SC-28" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2400,6 +2459,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2440,6 +2500,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2480,6 +2541,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2520,6 +2582,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2560,6 +2623,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2600,6 +2664,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2640,6 +2705,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2680,6 +2746,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2720,6 +2787,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2760,6 +2828,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2800,6 +2869,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102427; SV-111371", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2841,6 +2911,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102429; SV-111373", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2882,6 +2953,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102431; SV-111375", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2927,6 +2999,7 @@ "AC-17 (2)", "SC-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102433; SV-111547", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2980,6 +3053,7 @@ "AU-12 a", "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102435; SV-111379", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3023,6 +3097,7 @@ "IA-5 (2) (a) (1)", "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102445; SV-111393", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3064,6 +3139,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102447; SV-111395", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3105,6 +3181,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102449; SV-111397", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3146,6 +3223,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102451; SV-111399", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3187,6 +3265,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102453; SV-111401", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3228,6 +3307,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102455; SV-111403", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3269,6 +3349,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102457; SV-111405", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3318,6 +3399,7 @@ "AU-12 c", "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102603; SV-111549", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3359,6 +3441,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102461; SV-111407", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3400,6 +3483,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102463; SV-111409", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3441,6 +3525,7 @@ "nist": [ "AU-3 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102465; SV-111411", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3482,6 +3567,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102467; SV-111413", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3523,6 +3609,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102469; SV-111415", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3564,6 +3651,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102471; SV-111417", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3607,6 +3695,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102473; SV-111419", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3650,6 +3739,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102605; SV-111551", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3691,6 +3781,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102477; SV-111421", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3737,6 +3828,7 @@ "AU-9", "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102607; SV-111553", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3778,6 +3870,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102481; SV-111423", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3819,6 +3912,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102483; SV-111425", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3860,6 +3954,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102485; SV-111427", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3901,6 +3996,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102487; SV-111429", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3942,6 +4038,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102489; SV-111431", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3983,6 +4080,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102491; SV-111433", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4024,6 +4122,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102493; SV-111435", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4065,6 +4164,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102495; SV-111437", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4106,6 +4206,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102497; SV-111439", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4147,6 +4248,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102499; SV-111441", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4188,6 +4290,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102501; SV-111443", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4229,6 +4332,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102503; SV-111445", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4270,6 +4374,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102505; SV-111447", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4311,6 +4416,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102507; SV-111449", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4352,6 +4458,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102509; SV-111451", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4393,6 +4500,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102511; SV-111565", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4434,6 +4542,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102513; SV-111455", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4475,6 +4584,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102515; SV-111457", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4516,6 +4626,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102517; SV-111459", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4566,6 +4677,7 @@ "SC-8 (1)", "SC-28 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102609; SV-111567", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4607,6 +4719,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102521; SV-111461", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4648,6 +4761,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102523; SV-111463", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4689,6 +4803,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102525; SV-111465", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4730,6 +4845,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102529; SV-111469", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4771,6 +4887,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102531; SV-111471", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4812,6 +4929,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102533; SV-111473", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4853,6 +4971,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102535; SV-111475", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4894,6 +5013,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102537; SV-111477", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4935,6 +5055,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102539; SV-111479", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4978,6 +5099,7 @@ "IA-11", "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102541; SV-111481", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5019,6 +5141,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102543; SV-111483", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5060,6 +5183,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102545; SV-111485", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5101,6 +5225,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102547; SV-111487", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5142,6 +5267,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102549; SV-111489", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5183,6 +5309,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102551; SV-111491", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5224,6 +5351,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102553; SV-111493", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5265,6 +5393,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102555; SV-111495", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5306,6 +5435,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102557; SV-111497", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5347,6 +5477,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102559; SV-111499", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5388,6 +5519,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102561; SV-111501", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5429,6 +5561,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102563; SV-111503", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5470,6 +5603,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102565; SV-111505", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5515,6 +5649,7 @@ "IA-2 (12)", "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102569; SV-111509", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5556,6 +5691,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102571; SV-111511", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5597,6 +5733,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102573; SV-111513", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5640,6 +5777,7 @@ "SC-5 a", "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102575; SV-111515", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5683,6 +5821,7 @@ "AU-12 c", "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102577; SV-111517", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5724,6 +5863,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102579; SV-111519", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5765,6 +5905,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102581; SV-111521", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5806,6 +5947,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102583; SV-111523", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5847,6 +5989,7 @@ "nist": [ "SC-13 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102585; SV-111525", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5888,6 +6031,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102587; SV-111527", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5929,6 +6073,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102589; SV-111529", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5970,6 +6115,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102591; SV-111531", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6011,6 +6157,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102593; SV-111533", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6052,6 +6199,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102595; SV-111535", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6093,6 +6241,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102597; SV-111537", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6134,6 +6283,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102599; SV-111539", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6175,6 +6325,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102601; SV-111541", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6216,6 +6367,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102621; SV-111571", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6257,6 +6409,7 @@ "nist": [ "AC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69239; SV-83861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6298,6 +6451,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69241; SV-83863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6339,6 +6493,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69243; SV-83865", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6380,6 +6535,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69245; SV-83867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6421,6 +6577,7 @@ "nist": [ "AC-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69247; SV-83869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6462,6 +6619,7 @@ "nist": [ "AC-12 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69249; SV-83871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6503,6 +6661,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69251; SV-83873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6544,6 +6703,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69253; SV-83875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6585,6 +6745,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69255; SV-83877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6626,6 +6787,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69257; SV-83879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6667,6 +6829,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69259; SV-83881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6708,6 +6871,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69261; SV-83883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6749,6 +6913,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69279; SV-83901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6790,6 +6955,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69281; SV-83903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6831,6 +6997,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69283; SV-83905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6872,6 +7039,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69285; SV-83907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6913,6 +7081,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69287; SV-83909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6954,6 +7123,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69289; SV-83911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6995,6 +7165,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69291; SV-83913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7036,6 +7207,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69293; SV-83915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7077,6 +7249,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69295; SV-83917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7118,6 +7291,7 @@ "nist": [ "AC-2 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69297; SV-83919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7159,6 +7333,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69299; SV-83921", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7200,6 +7375,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70173; SV-84795", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7241,6 +7417,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69301; SV-83923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7282,6 +7459,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69303; SV-83925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7323,6 +7501,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69305; SV-83927", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7364,6 +7543,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69307; SV-83929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7405,6 +7585,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69309; SV-83931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7446,6 +7627,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69311; SV-83933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7487,6 +7669,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69313; SV-83935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7528,6 +7711,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69315; SV-83937", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7569,6 +7753,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69317; SV-83939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7610,6 +7795,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69319; SV-83941", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7651,6 +7837,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69321; SV-83943", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7692,6 +7879,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69323; SV-83945", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7733,6 +7921,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69325; SV-83947", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7774,6 +7963,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69327; SV-83949", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7815,6 +8005,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69329; SV-83951", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7856,6 +8047,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69331; SV-83953", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7897,6 +8089,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69333; SV-83955", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7938,6 +8131,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69335; SV-83957", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7979,6 +8173,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69337; SV-83959", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8020,6 +8215,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69339; SV-83961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8061,6 +8257,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69341; SV-83963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8102,6 +8299,7 @@ "nist": [ "AC-7 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69343; SV-83965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8143,6 +8341,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69347; SV-83969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8184,6 +8383,7 @@ "nist": [ "AC-8 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69349; SV-83971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8225,6 +8425,7 @@ "nist": [ "AC-8 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69351; SV-83973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8272,6 +8473,7 @@ "AC-8 c 2", "AC-8 c 3" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69353; SV-83975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8313,6 +8515,7 @@ "nist": [ "AC-9" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69355; SV-83977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8354,6 +8557,7 @@ "nist": [ "AU-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69357; SV-83979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8395,6 +8599,7 @@ "nist": [ "AU-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69359; SV-83981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8436,6 +8641,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69363; SV-83985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8477,6 +8683,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69365; SV-83987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8518,6 +8725,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69367; SV-83989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8559,6 +8767,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69369; SV-83991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8600,6 +8809,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69371; SV-83993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8641,6 +8851,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69373; SV-83995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8682,6 +8893,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69375; SV-83997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8723,6 +8935,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69377; SV-83999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8764,6 +8977,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69379; SV-84001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8805,6 +9019,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69381; SV-84003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8846,6 +9061,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69383; SV-84005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8887,6 +9103,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69385; SV-84007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8928,6 +9145,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69387; SV-84009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8969,6 +9187,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69389; SV-84011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9010,6 +9229,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69391; SV-84013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9051,6 +9271,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69393; SV-84015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9092,6 +9313,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69395; SV-84017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9133,6 +9355,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69397; SV-84019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9174,6 +9397,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69399; SV-84021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9215,6 +9439,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69401; SV-84023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9256,6 +9481,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69403; SV-84025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9297,6 +9523,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69405; SV-84027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9338,6 +9565,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69407; SV-84029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9379,6 +9607,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69409; SV-84031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9420,6 +9649,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69411; SV-84033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9461,6 +9691,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69413; SV-84035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9502,6 +9733,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69415; SV-84037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9543,6 +9775,7 @@ "nist": [ "AU-14 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69419; SV-84041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9584,6 +9817,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69421; SV-84043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9625,6 +9859,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69423; SV-84045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9666,6 +9901,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69425; SV-84047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9707,6 +9943,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69427; SV-84049", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9748,6 +9985,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69429; SV-84051", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9789,6 +10027,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69431; SV-84053", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9830,6 +10069,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69433; SV-84055", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9871,6 +10111,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69435; SV-84057", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9912,6 +10153,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69437; SV-84059", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9953,6 +10195,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69439; SV-84061", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9994,6 +10237,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69441; SV-84063", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10035,6 +10279,7 @@ "nist": [ "AU-3 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69443; SV-84065", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10076,6 +10321,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69445; SV-84067", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10117,6 +10363,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69447; SV-84069", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10158,6 +10405,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69449; SV-84071", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10199,6 +10447,7 @@ "nist": [ "AU-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69451; SV-84073", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10240,6 +10489,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69453; SV-84075", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10281,6 +10531,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69455; SV-84077", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10322,6 +10573,7 @@ "nist": [ "AU-6 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69457; SV-84079", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10363,6 +10615,7 @@ "nist": [ "AU-7 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69459; SV-84081", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10404,6 +10657,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69461; SV-84083", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10445,6 +10699,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69463; SV-84085", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10486,6 +10741,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69465; SV-84087", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10527,6 +10783,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69467; SV-84089", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10568,6 +10825,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69469; SV-84091", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10609,6 +10867,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69471; SV-84093", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10650,6 +10909,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69473; SV-84095", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10691,6 +10951,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69475; SV-84097", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10732,6 +10993,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69477; SV-84099", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10773,6 +11035,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69479; SV-84101", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10814,6 +11077,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69481; SV-84103", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10855,6 +11119,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69483; SV-84105", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10896,6 +11161,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69485; SV-84107", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10937,6 +11203,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69487; SV-84109", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10978,6 +11245,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69489; SV-84111", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11019,6 +11287,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69491; SV-84113", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11060,6 +11329,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69493; SV-84115", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11101,6 +11371,7 @@ "nist": [ "AU-9 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69495; SV-84117", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11142,6 +11413,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69497; SV-84119", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11183,6 +11455,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69499; SV-84121", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11224,6 +11497,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69501; SV-84123", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11265,6 +11539,7 @@ "nist": [ "CM-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69503; SV-84125", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11306,6 +11581,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69505; SV-84127", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11347,6 +11623,7 @@ "nist": [ "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69507; SV-84129", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11388,6 +11665,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69509; SV-84131", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11429,6 +11707,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69511; SV-84133", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11470,6 +11749,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69513; SV-84135", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11511,6 +11791,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69515; SV-84137", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11552,6 +11833,7 @@ "nist": [ "CM-7 (5) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69517; SV-84139", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11593,6 +11875,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69519; SV-84141", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11634,6 +11917,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69521; SV-84143", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11675,6 +11959,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69523; SV-84145", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11716,6 +12001,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69525; SV-84147", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11757,6 +12043,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69527; SV-84149", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11798,6 +12085,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69529; SV-84151", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11839,6 +12127,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69531; SV-84153", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11880,6 +12169,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69533; SV-84155", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11921,6 +12211,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69535; SV-84157", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11962,6 +12253,7 @@ "nist": [ "IA-2 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69537; SV-84159", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12003,6 +12295,7 @@ "nist": [ "IA-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69539; SV-84161", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12044,6 +12337,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69541; SV-84163", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12085,6 +12379,7 @@ "nist": [ "IA-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69543; SV-84165", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12126,6 +12421,7 @@ "nist": [ "IA-2 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69545; SV-84167", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12167,6 +12463,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69547; SV-84169", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12208,6 +12505,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69549; SV-84171", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12249,6 +12547,7 @@ "nist": [ "IA-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69551; SV-84173", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12290,6 +12589,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69553; SV-84175", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12331,6 +12631,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69555; SV-84177", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12372,6 +12673,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69557; SV-84179", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12413,6 +12715,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69559; SV-84181", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12454,6 +12757,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69561; SV-84183", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12495,6 +12799,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69563; SV-84185", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12536,6 +12841,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69565; SV-84187", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12577,6 +12883,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69567; SV-84189", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12618,6 +12925,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69569; SV-84191", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12659,6 +12967,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69571; SV-84193", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12700,6 +13009,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69573; SV-84195", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12741,6 +13051,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69575; SV-84197", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12782,6 +13093,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69577; SV-84199", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12823,6 +13135,7 @@ "nist": [ "IA-5 h" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70145; SV-84767", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12864,6 +13177,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70147; SV-84769", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12905,6 +13219,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70149; SV-84771", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12946,6 +13261,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70151; SV-84773", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12987,6 +13303,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70153; SV-84775", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13028,6 +13345,7 @@ "nist": [ "IA-5 (2) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70155; SV-84777", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13069,6 +13387,7 @@ "nist": [ "IA-6" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70157; SV-84779", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13110,6 +13429,7 @@ "nist": [ "IA-7" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70159; SV-84781", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13151,6 +13471,7 @@ "nist": [ "IA-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70161; SV-84783", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13192,6 +13513,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70163; SV-84785", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13233,6 +13555,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70165; SV-84787", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13274,6 +13597,7 @@ "nist": [ "IA-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70167; SV-84789", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13315,6 +13639,7 @@ "nist": [ "IA-8 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70169; SV-84791", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13356,6 +13681,7 @@ "nist": [ "MA-4 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70171; SV-84793", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13397,6 +13723,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70175; SV-84797", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13438,6 +13765,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70177; SV-84799", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13479,6 +13807,7 @@ "nist": [ "MA-4 (7)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70179; SV-84801", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13520,6 +13849,7 @@ "nist": [ "MA-4 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70181; SV-84803", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13561,6 +13891,7 @@ "nist": [ "MA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70183; SV-84805", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13604,6 +13935,7 @@ "CM-6 b", "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70185; SV-84807", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13645,6 +13977,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70187; SV-84809", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13686,6 +14019,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70191; SV-84813", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13727,6 +14061,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70193; SV-84815", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13768,6 +14103,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70195; SV-84817", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13809,6 +14145,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70197; SV-84819", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13850,6 +14187,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70199; SV-84821", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13891,6 +14229,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70201; SV-84823", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13932,6 +14271,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70203; SV-84825", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13973,6 +14313,7 @@ "nist": [ "SC-23" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70205; SV-84827", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14014,6 +14355,7 @@ "nist": [ "SC-23 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70207; SV-84829", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14055,6 +14397,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70209; SV-84831", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14096,6 +14439,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70211; SV-84833", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14137,6 +14481,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70213; SV-84835", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14178,6 +14523,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70215; SV-84837", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14219,6 +14565,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70217; SV-84839", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14260,6 +14607,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70219; SV-84841", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14301,6 +14649,7 @@ "nist": [ "SC-24" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70221; SV-84843", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14342,6 +14691,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70223; SV-84845", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14383,6 +14733,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70225; SV-84847", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14424,6 +14775,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70227; SV-84849", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14465,6 +14817,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70229; SV-84851", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14506,6 +14859,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70231; SV-84853", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14547,6 +14901,7 @@ "nist": [ "SC-39" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70233; SV-84855", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14588,6 +14943,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70235; SV-84857", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14629,6 +14985,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70237; SV-84859", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14670,6 +15027,7 @@ "nist": [ "SC-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70239; SV-84861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14711,6 +15069,7 @@ "nist": [ "SC-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70241; SV-84863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14752,6 +15111,7 @@ "nist": [ "SC-8" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70245; SV-84867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14793,6 +15153,7 @@ "nist": [ "SC-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70247; SV-84869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14834,6 +15195,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70249; SV-84871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14875,6 +15237,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70251; SV-84873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14916,6 +15279,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70253; SV-84875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14957,6 +15321,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70255; SV-84877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14998,6 +15363,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70257; SV-84879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15039,6 +15405,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70259; SV-84881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15080,6 +15447,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70261; SV-84883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15121,6 +15489,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70263; SV-84885", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15162,6 +15531,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70265; SV-84887", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15203,6 +15573,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70267; SV-84889", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15244,6 +15615,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70269; SV-84891", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15285,6 +15657,7 @@ "nist": [ "SI-10 (3)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70271; SV-84893", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15326,6 +15699,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70273; SV-84895", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15367,6 +15741,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70275; SV-84897", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15408,6 +15783,7 @@ "nist": [ "SI-16" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70277; SV-84899", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15449,6 +15825,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70279; SV-84901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15490,6 +15867,7 @@ "nist": [ "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70281; SV-84903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15531,6 +15909,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70283; SV-84905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15572,6 +15951,7 @@ "nist": [ "SI-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70285; SV-84907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15613,6 +15993,7 @@ "nist": [ "SI-6 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70287; SV-84909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15654,6 +16035,7 @@ "nist": [ "SC-18 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70289; SV-84911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15695,6 +16077,7 @@ "nist": [ "AC-2 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70291; SV-84913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15736,6 +16119,7 @@ "nist": [ "AC-6 (4)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70293; SV-84915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15777,6 +16161,7 @@ "nist": [ "AU-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70295; SV-84917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15818,6 +16203,7 @@ "nist": [ "AU-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70297; SV-84919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15859,6 +16245,7 @@ "nist": [ "AU-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70301; SV-84923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15900,6 +16287,7 @@ "nist": [ "CA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70303; SV-84925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15943,6 +16331,7 @@ "CM-4 (2)", "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70307; SV-84929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15984,6 +16373,7 @@ "nist": [ "CM-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70309; SV-84931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16025,6 +16415,7 @@ "nist": [ "CM-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70311; SV-84933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16066,6 +16457,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70313; SV-84935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16107,6 +16499,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70317; SV-84939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16148,6 +16541,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70339; SV-84961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16189,6 +16583,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70341; SV-84963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16230,6 +16625,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70343; SV-84965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16271,6 +16667,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70345; SV-84967", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16312,6 +16709,7 @@ "nist": [ "CP-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70347; SV-84969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16353,6 +16751,7 @@ "nist": [ "CP-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70349; SV-84971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16394,6 +16793,7 @@ "nist": [ "CP-2 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70351; SV-84973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16435,6 +16835,7 @@ "nist": [ "CP-2 a 2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70353; SV-84975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16476,6 +16877,7 @@ "nist": [ "CP-9 (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70355; SV-84977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16517,6 +16919,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70357; SV-84979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16558,6 +16961,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70359; SV-84981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16599,6 +17003,7 @@ "nist": [ "IA-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70361; SV-84983", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16640,6 +17045,7 @@ "nist": [ "IA-5 (7)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70363; SV-84985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16681,6 +17087,7 @@ "nist": [ "MP-3 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70365; SV-84987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16722,6 +17129,7 @@ "nist": [ "PM-14 a 2" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70367; SV-84989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16763,6 +17171,7 @@ "nist": [ "SA-10 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70369; SV-84991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16804,6 +17213,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70371; SV-84993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16845,6 +17255,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70373; SV-84995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16886,6 +17297,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70375; SV-84997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16927,6 +17339,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70377; SV-84999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16968,6 +17381,7 @@ "nist": [ "SA-11 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70379; SV-85001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17009,6 +17423,7 @@ "nist": [ "SA-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70381; SV-85003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17050,6 +17465,7 @@ "nist": [ "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70383; SV-85005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17091,6 +17507,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70385; SV-85007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17132,6 +17549,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70387; SV-85009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17173,6 +17591,7 @@ "nist": [ "SA-15 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70389; SV-85011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17214,6 +17633,7 @@ "nist": [ "SA-15 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70391; SV-85013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17255,6 +17675,7 @@ "nist": [ "SA-15 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70393; SV-85015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17296,6 +17717,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70395; SV-85017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17337,6 +17759,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70397; SV-85019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17378,6 +17801,7 @@ "nist": [ "SA-22 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70399; SV-85021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17419,6 +17843,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70401; SV-85023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17460,6 +17885,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70403; SV-85025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17501,6 +17927,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70405; SV-85027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17542,6 +17969,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70407; SV-85029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17583,6 +18011,7 @@ "nist": [ "SC-18 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70409; SV-85031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17624,6 +18053,7 @@ "nist": [ "SC-28 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70411; SV-85033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17665,6 +18095,7 @@ "nist": [ "SC-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70413; SV-85035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17706,6 +18137,7 @@ "nist": [ "SI-4 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70415; SV-85037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17747,6 +18179,7 @@ "nist": [ "SI-5 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70417; SV-85039", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17788,6 +18221,7 @@ "nist": [ "SI-5 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70419; SV-85041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17829,6 +18263,7 @@ "nist": [ "SC-7 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70421; SV-85043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17870,6 +18305,7 @@ "nist": [ "AU-12 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70423; SV-85045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17911,6 +18347,7 @@ "nist": [ "AT-3 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70425; SV-85047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17952,6 +18389,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70189; SV-84811", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17982,7 +18420,7 @@ ] } ], - "sha256": "58a48bbf1947aaed4c1c7cabf630c90bfad3b4a7e814e1d95ceb9bcc01ebb7a9" + "sha256": "dcb441963b292ffddc7b1545fba19623ce10c78d48306894f61b2a3dbc62b25d" }, { "name": "AAA_Service_SRG", @@ -18007,6 +18445,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18047,6 +18486,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18087,6 +18527,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18127,6 +18568,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18167,6 +18609,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18207,6 +18650,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18247,6 +18691,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18287,6 +18732,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18327,6 +18773,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18367,6 +18814,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18407,6 +18855,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18447,6 +18896,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18487,6 +18937,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18527,6 +18978,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18567,6 +19019,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18607,6 +19060,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18647,6 +19101,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18687,6 +19142,7 @@ "nist": [ "AC-3 (7)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18727,6 +19183,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18767,6 +19224,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18807,6 +19265,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18847,6 +19306,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18887,6 +19347,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18927,6 +19388,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18967,6 +19429,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19007,6 +19470,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19047,6 +19511,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19087,6 +19552,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19127,6 +19593,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19167,6 +19634,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19207,6 +19675,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19247,6 +19716,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19287,6 +19757,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19329,6 +19800,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19371,6 +19843,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19411,6 +19884,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19451,6 +19925,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19491,6 +19966,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19531,6 +20007,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19571,6 +20048,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19611,6 +20089,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19651,6 +20130,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19691,6 +20171,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19731,6 +20212,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19771,6 +20253,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19811,6 +20294,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19851,6 +20335,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19891,6 +20376,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19931,6 +20417,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19971,6 +20458,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20011,6 +20499,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20051,6 +20540,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20091,6 +20581,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20131,6 +20622,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20171,6 +20663,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20211,6 +20704,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20251,6 +20745,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20291,6 +20786,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20331,6 +20827,7 @@ "nist": [ "SC-28" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20371,6 +20868,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20411,6 +20909,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20451,6 +20950,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20491,6 +20991,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20531,6 +21032,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20571,6 +21073,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20611,6 +21114,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20651,6 +21155,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20691,6 +21196,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20731,6 +21237,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20760,7 +21267,7 @@ ] } ], - "sha256": "146e96ba50d6041b8530ec87807704dda1bd0a8b883dc6ba097d321f55f13692", + "sha256": "53e2df777d0b38b565db5bf2faabc1422e497cafe2791f12e73b9ba4565fd6f5", "parent_profile": "Parent Profile" }, { @@ -20786,6 +21293,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102427; SV-111371", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20827,6 +21335,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102429; SV-111373", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20868,6 +21377,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102431; SV-111375", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20913,6 +21423,7 @@ "AC-17 (2)", "SC-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102433; SV-111547", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20966,6 +21477,7 @@ "AU-12 a", "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102435; SV-111379", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21009,6 +21521,7 @@ "IA-5 (2) (a) (1)", "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102445; SV-111393", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21050,6 +21563,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102447; SV-111395", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21091,6 +21605,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102449; SV-111397", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21132,6 +21647,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102451; SV-111399", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21173,6 +21689,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102453; SV-111401", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21214,6 +21731,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102455; SV-111403", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21255,6 +21773,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102457; SV-111405", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21304,6 +21823,7 @@ "AU-12 c", "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102603; SV-111549", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21345,6 +21865,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102461; SV-111407", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21386,6 +21907,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102463; SV-111409", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21427,6 +21949,7 @@ "nist": [ "AU-3 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102465; SV-111411", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21468,6 +21991,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102467; SV-111413", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21509,6 +22033,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102469; SV-111415", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21550,6 +22075,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102471; SV-111417", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21593,6 +22119,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102473; SV-111419", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21636,6 +22163,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102605; SV-111551", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21677,6 +22205,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102477; SV-111421", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21723,6 +22252,7 @@ "AU-9", "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102607; SV-111553", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21764,6 +22294,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102481; SV-111423", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21805,6 +22336,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102483; SV-111425", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21846,6 +22378,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102485; SV-111427", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21887,6 +22420,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102487; SV-111429", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21928,6 +22462,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102489; SV-111431", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21969,6 +22504,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102491; SV-111433", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22010,6 +22546,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102493; SV-111435", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22051,6 +22588,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102495; SV-111437", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22092,6 +22630,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102497; SV-111439", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22133,6 +22672,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102499; SV-111441", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22174,6 +22714,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102501; SV-111443", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22215,6 +22756,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102503; SV-111445", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22256,6 +22798,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102505; SV-111447", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22297,6 +22840,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102507; SV-111449", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22338,6 +22882,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102509; SV-111451", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22379,6 +22924,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102511; SV-111565", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22420,6 +22966,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102513; SV-111455", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22461,6 +23008,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102515; SV-111457", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22502,6 +23050,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102517; SV-111459", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22552,6 +23101,7 @@ "SC-8 (1)", "SC-28 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102609; SV-111567", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22593,6 +23143,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102521; SV-111461", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22634,6 +23185,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102523; SV-111463", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22675,6 +23227,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102525; SV-111465", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22716,6 +23269,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102529; SV-111469", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22757,6 +23311,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102531; SV-111471", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22798,6 +23353,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102533; SV-111473", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22839,6 +23395,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102535; SV-111475", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22880,6 +23437,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102537; SV-111477", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22921,6 +23479,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102539; SV-111479", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22964,6 +23523,7 @@ "IA-11", "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102541; SV-111481", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23005,6 +23565,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102543; SV-111483", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23046,6 +23607,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102545; SV-111485", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23087,6 +23649,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102547; SV-111487", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23128,6 +23691,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102549; SV-111489", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23169,6 +23733,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102551; SV-111491", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23210,6 +23775,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102553; SV-111493", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23251,6 +23817,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102555; SV-111495", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23292,6 +23859,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102557; SV-111497", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23333,6 +23901,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102559; SV-111499", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23374,6 +23943,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102561; SV-111501", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23415,6 +23985,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102563; SV-111503", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23456,6 +24027,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102565; SV-111505", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23501,6 +24073,7 @@ "IA-2 (12)", "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102569; SV-111509", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23542,6 +24115,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102571; SV-111511", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23583,6 +24157,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102573; SV-111513", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23626,6 +24201,7 @@ "SC-5 a", "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102575; SV-111515", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23669,6 +24245,7 @@ "AU-12 c", "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102577; SV-111517", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23710,6 +24287,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102579; SV-111519", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23751,6 +24329,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102581; SV-111521", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23792,6 +24371,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102583; SV-111523", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23833,6 +24413,7 @@ "nist": [ "SC-13 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102585; SV-111525", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23874,6 +24455,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102587; SV-111527", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23915,6 +24497,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102589; SV-111529", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23956,6 +24539,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102591; SV-111531", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23997,6 +24581,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102593; SV-111533", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24038,6 +24623,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102595; SV-111535", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24079,6 +24665,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102597; SV-111537", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24120,6 +24707,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102599; SV-111539", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24161,6 +24749,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102601; SV-111541", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24202,6 +24791,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102621; SV-111571", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24232,7 +24822,7 @@ ] } ], - "sha256": "f1a63ebf8958eb8b41df6100af8c7b5a859a8004723b5093fb9fbd6022f9338e", + "sha256": "be76a2514c65d678d36fcd98c645f90908c1807e77462b9b9b9ffa659ee39017", "parent_profile": "Parent Profile" }, { @@ -24258,6 +24848,7 @@ "nist": [ "AC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69239; SV-83861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24299,6 +24890,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69241; SV-83863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24340,6 +24932,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69243; SV-83865", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24381,6 +24974,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69245; SV-83867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24422,6 +25016,7 @@ "nist": [ "AC-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69247; SV-83869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24463,6 +25058,7 @@ "nist": [ "AC-12 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69249; SV-83871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24504,6 +25100,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69251; SV-83873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24545,6 +25142,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69253; SV-83875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24586,6 +25184,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69255; SV-83877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24627,6 +25226,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69257; SV-83879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24668,6 +25268,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69259; SV-83881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24709,6 +25310,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69261; SV-83883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24750,6 +25352,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69279; SV-83901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24791,6 +25394,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69281; SV-83903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24832,6 +25436,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69283; SV-83905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24873,6 +25478,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69285; SV-83907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24914,6 +25520,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69287; SV-83909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24955,6 +25562,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69289; SV-83911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24996,6 +25604,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69291; SV-83913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25037,6 +25646,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69293; SV-83915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25078,6 +25688,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69295; SV-83917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25119,6 +25730,7 @@ "nist": [ "AC-2 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69297; SV-83919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25160,6 +25772,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69299; SV-83921", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25201,6 +25814,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70173; SV-84795", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25242,6 +25856,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69301; SV-83923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25283,6 +25898,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69303; SV-83925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25324,6 +25940,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69305; SV-83927", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25365,6 +25982,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69307; SV-83929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25406,6 +26024,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69309; SV-83931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25447,6 +26066,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69311; SV-83933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25488,6 +26108,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69313; SV-83935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25529,6 +26150,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69315; SV-83937", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25570,6 +26192,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69317; SV-83939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25611,6 +26234,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69319; SV-83941", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25652,6 +26276,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69321; SV-83943", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25693,6 +26318,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69323; SV-83945", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25734,6 +26360,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69325; SV-83947", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25775,6 +26402,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69327; SV-83949", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25816,6 +26444,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69329; SV-83951", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25857,6 +26486,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69331; SV-83953", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25898,6 +26528,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69333; SV-83955", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25939,6 +26570,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69335; SV-83957", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25980,6 +26612,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69337; SV-83959", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26021,6 +26654,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69339; SV-83961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26062,6 +26696,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69341; SV-83963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26103,6 +26738,7 @@ "nist": [ "AC-7 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69343; SV-83965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26144,6 +26780,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69347; SV-83969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26185,6 +26822,7 @@ "nist": [ "AC-8 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69349; SV-83971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26226,6 +26864,7 @@ "nist": [ "AC-8 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69351; SV-83973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26273,6 +26912,7 @@ "AC-8 c 2", "AC-8 c 3" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69353; SV-83975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26314,6 +26954,7 @@ "nist": [ "AC-9" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69355; SV-83977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26355,6 +26996,7 @@ "nist": [ "AU-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69357; SV-83979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26396,6 +27038,7 @@ "nist": [ "AU-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69359; SV-83981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26437,6 +27080,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69363; SV-83985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26478,6 +27122,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69365; SV-83987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26519,6 +27164,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69367; SV-83989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26560,6 +27206,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69369; SV-83991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26601,6 +27248,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69371; SV-83993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26642,6 +27290,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69373; SV-83995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26683,6 +27332,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69375; SV-83997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26724,6 +27374,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69377; SV-83999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26765,6 +27416,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69379; SV-84001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26806,6 +27458,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69381; SV-84003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26847,6 +27500,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69383; SV-84005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26888,6 +27542,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69385; SV-84007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26929,6 +27584,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69387; SV-84009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26970,6 +27626,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69389; SV-84011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27011,6 +27668,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69391; SV-84013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27052,6 +27710,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69393; SV-84015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27093,6 +27752,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69395; SV-84017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27134,6 +27794,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69397; SV-84019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27175,6 +27836,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69399; SV-84021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27216,6 +27878,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69401; SV-84023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27257,6 +27920,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69403; SV-84025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27298,6 +27962,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69405; SV-84027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27339,6 +28004,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69407; SV-84029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27380,6 +28046,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69409; SV-84031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27421,6 +28088,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69411; SV-84033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27462,6 +28130,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69413; SV-84035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27503,6 +28172,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69415; SV-84037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27544,6 +28214,7 @@ "nist": [ "AU-14 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69419; SV-84041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27585,6 +28256,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69421; SV-84043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27626,6 +28298,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69423; SV-84045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27667,6 +28340,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69425; SV-84047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27708,6 +28382,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69427; SV-84049", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27749,6 +28424,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69429; SV-84051", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27790,6 +28466,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69431; SV-84053", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27831,6 +28508,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69433; SV-84055", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27872,6 +28550,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69435; SV-84057", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27913,6 +28592,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69437; SV-84059", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27954,6 +28634,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69439; SV-84061", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27995,6 +28676,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69441; SV-84063", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28036,6 +28718,7 @@ "nist": [ "AU-3 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69443; SV-84065", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28077,6 +28760,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69445; SV-84067", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28118,6 +28802,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69447; SV-84069", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28159,6 +28844,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69449; SV-84071", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28200,6 +28886,7 @@ "nist": [ "AU-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69451; SV-84073", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28241,6 +28928,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69453; SV-84075", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28282,6 +28970,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69455; SV-84077", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28323,6 +29012,7 @@ "nist": [ "AU-6 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69457; SV-84079", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28364,6 +29054,7 @@ "nist": [ "AU-7 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69459; SV-84081", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28405,6 +29096,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69461; SV-84083", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28446,6 +29138,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69463; SV-84085", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28487,6 +29180,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69465; SV-84087", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28528,6 +29222,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69467; SV-84089", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28569,6 +29264,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69469; SV-84091", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28610,6 +29306,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69471; SV-84093", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28651,6 +29348,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69473; SV-84095", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28692,6 +29390,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69475; SV-84097", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28733,6 +29432,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69477; SV-84099", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28774,6 +29474,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69479; SV-84101", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28815,6 +29516,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69481; SV-84103", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28856,6 +29558,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69483; SV-84105", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28897,6 +29600,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69485; SV-84107", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28938,6 +29642,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69487; SV-84109", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28979,6 +29684,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69489; SV-84111", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29020,6 +29726,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69491; SV-84113", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29061,6 +29768,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69493; SV-84115", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29102,6 +29810,7 @@ "nist": [ "AU-9 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69495; SV-84117", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29143,6 +29852,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69497; SV-84119", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29184,6 +29894,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69499; SV-84121", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29225,6 +29936,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69501; SV-84123", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29266,6 +29978,7 @@ "nist": [ "CM-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69503; SV-84125", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29307,6 +30020,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69505; SV-84127", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29348,6 +30062,7 @@ "nist": [ "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69507; SV-84129", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29389,6 +30104,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69509; SV-84131", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29430,6 +30146,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69511; SV-84133", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29471,6 +30188,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69513; SV-84135", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29512,6 +30230,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69515; SV-84137", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29553,6 +30272,7 @@ "nist": [ "CM-7 (5) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69517; SV-84139", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29594,6 +30314,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69519; SV-84141", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29635,6 +30356,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69521; SV-84143", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29676,6 +30398,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69523; SV-84145", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29717,6 +30440,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69525; SV-84147", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29758,6 +30482,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69527; SV-84149", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29799,6 +30524,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69529; SV-84151", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29840,6 +30566,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69531; SV-84153", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29881,6 +30608,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69533; SV-84155", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29922,6 +30650,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69535; SV-84157", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29963,6 +30692,7 @@ "nist": [ "IA-2 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69537; SV-84159", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30004,6 +30734,7 @@ "nist": [ "IA-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69539; SV-84161", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30045,6 +30776,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69541; SV-84163", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30086,6 +30818,7 @@ "nist": [ "IA-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69543; SV-84165", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30127,6 +30860,7 @@ "nist": [ "IA-2 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69545; SV-84167", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30168,6 +30902,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69547; SV-84169", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30209,6 +30944,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69549; SV-84171", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30250,6 +30986,7 @@ "nist": [ "IA-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69551; SV-84173", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30291,6 +31028,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69553; SV-84175", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30332,6 +31070,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69555; SV-84177", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30373,6 +31112,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69557; SV-84179", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30414,6 +31154,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69559; SV-84181", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30455,6 +31196,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69561; SV-84183", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30496,6 +31238,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69563; SV-84185", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30537,6 +31280,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69565; SV-84187", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30578,6 +31322,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69567; SV-84189", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30619,6 +31364,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69569; SV-84191", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30660,6 +31406,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69571; SV-84193", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30701,6 +31448,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69573; SV-84195", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30742,6 +31490,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69575; SV-84197", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30783,6 +31532,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69577; SV-84199", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30824,6 +31574,7 @@ "nist": [ "IA-5 h" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70145; SV-84767", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30865,6 +31616,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70147; SV-84769", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30906,6 +31658,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70149; SV-84771", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30947,6 +31700,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70151; SV-84773", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30988,6 +31742,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70153; SV-84775", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31029,6 +31784,7 @@ "nist": [ "IA-5 (2) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70155; SV-84777", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31070,6 +31826,7 @@ "nist": [ "IA-6" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70157; SV-84779", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31111,6 +31868,7 @@ "nist": [ "IA-7" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70159; SV-84781", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31152,6 +31910,7 @@ "nist": [ "IA-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70161; SV-84783", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31193,6 +31952,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70163; SV-84785", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31234,6 +31994,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70165; SV-84787", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31275,6 +32036,7 @@ "nist": [ "IA-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70167; SV-84789", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31316,6 +32078,7 @@ "nist": [ "IA-8 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70169; SV-84791", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31357,6 +32120,7 @@ "nist": [ "MA-4 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70171; SV-84793", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31398,6 +32162,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70175; SV-84797", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31439,6 +32204,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70177; SV-84799", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31480,6 +32246,7 @@ "nist": [ "MA-4 (7)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70179; SV-84801", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31521,6 +32288,7 @@ "nist": [ "MA-4 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70181; SV-84803", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31562,6 +32330,7 @@ "nist": [ "MA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70183; SV-84805", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31605,6 +32374,7 @@ "CM-6 b", "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70185; SV-84807", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31646,6 +32416,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70187; SV-84809", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31687,6 +32458,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70191; SV-84813", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31728,6 +32500,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70193; SV-84815", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31769,6 +32542,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70195; SV-84817", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31810,6 +32584,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70197; SV-84819", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31851,6 +32626,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70199; SV-84821", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31892,6 +32668,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70201; SV-84823", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31933,6 +32710,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70203; SV-84825", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31974,6 +32752,7 @@ "nist": [ "SC-23" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70205; SV-84827", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32015,6 +32794,7 @@ "nist": [ "SC-23 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70207; SV-84829", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32056,6 +32836,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70209; SV-84831", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32097,6 +32878,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70211; SV-84833", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32138,6 +32920,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70213; SV-84835", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32179,6 +32962,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70215; SV-84837", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32220,6 +33004,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70217; SV-84839", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32261,6 +33046,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70219; SV-84841", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32302,6 +33088,7 @@ "nist": [ "SC-24" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70221; SV-84843", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32343,6 +33130,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70223; SV-84845", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32384,6 +33172,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70225; SV-84847", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32425,6 +33214,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70227; SV-84849", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32466,6 +33256,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70229; SV-84851", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32507,6 +33298,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70231; SV-84853", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32548,6 +33340,7 @@ "nist": [ "SC-39" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70233; SV-84855", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32589,6 +33382,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70235; SV-84857", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32630,6 +33424,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70237; SV-84859", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32671,6 +33466,7 @@ "nist": [ "SC-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70239; SV-84861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32712,6 +33508,7 @@ "nist": [ "SC-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70241; SV-84863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32753,6 +33550,7 @@ "nist": [ "SC-8" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70245; SV-84867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32794,6 +33592,7 @@ "nist": [ "SC-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70247; SV-84869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32835,6 +33634,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70249; SV-84871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32876,6 +33676,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70251; SV-84873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32917,6 +33718,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70253; SV-84875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32958,6 +33760,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70255; SV-84877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32999,6 +33802,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70257; SV-84879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33040,6 +33844,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70259; SV-84881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33081,6 +33886,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70261; SV-84883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33122,6 +33928,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70263; SV-84885", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33163,6 +33970,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70265; SV-84887", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33204,6 +34012,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70267; SV-84889", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33245,6 +34054,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70269; SV-84891", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33286,6 +34096,7 @@ "nist": [ "SI-10 (3)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70271; SV-84893", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33327,6 +34138,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70273; SV-84895", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33368,6 +34180,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70275; SV-84897", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33409,6 +34222,7 @@ "nist": [ "SI-16" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70277; SV-84899", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33450,6 +34264,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70279; SV-84901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33491,6 +34306,7 @@ "nist": [ "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70281; SV-84903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33532,6 +34348,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70283; SV-84905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33573,6 +34390,7 @@ "nist": [ "SI-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70285; SV-84907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33614,6 +34432,7 @@ "nist": [ "SI-6 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70287; SV-84909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33655,6 +34474,7 @@ "nist": [ "SC-18 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70289; SV-84911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33696,6 +34516,7 @@ "nist": [ "AC-2 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70291; SV-84913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33737,6 +34558,7 @@ "nist": [ "AC-6 (4)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70293; SV-84915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33778,6 +34600,7 @@ "nist": [ "AU-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70295; SV-84917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33819,6 +34642,7 @@ "nist": [ "AU-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70297; SV-84919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33860,6 +34684,7 @@ "nist": [ "AU-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70301; SV-84923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33901,6 +34726,7 @@ "nist": [ "CA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70303; SV-84925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33944,6 +34770,7 @@ "CM-4 (2)", "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70307; SV-84929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33985,6 +34812,7 @@ "nist": [ "CM-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70309; SV-84931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34026,6 +34854,7 @@ "nist": [ "CM-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70311; SV-84933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34067,6 +34896,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70313; SV-84935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34108,6 +34938,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70317; SV-84939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34149,6 +34980,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70339; SV-84961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34190,6 +35022,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70341; SV-84963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34231,6 +35064,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70343; SV-84965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34272,6 +35106,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70345; SV-84967", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34313,6 +35148,7 @@ "nist": [ "CP-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70347; SV-84969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34354,6 +35190,7 @@ "nist": [ "CP-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70349; SV-84971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34395,6 +35232,7 @@ "nist": [ "CP-2 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70351; SV-84973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34436,6 +35274,7 @@ "nist": [ "CP-2 a 2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70353; SV-84975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34477,6 +35316,7 @@ "nist": [ "CP-9 (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70355; SV-84977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34518,6 +35358,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70357; SV-84979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34559,6 +35400,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70359; SV-84981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34600,6 +35442,7 @@ "nist": [ "IA-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70361; SV-84983", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34641,6 +35484,7 @@ "nist": [ "IA-5 (7)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70363; SV-84985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34682,6 +35526,7 @@ "nist": [ "MP-3 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70365; SV-84987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34723,6 +35568,7 @@ "nist": [ "PM-14 a 2" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70367; SV-84989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34764,6 +35610,7 @@ "nist": [ "SA-10 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70369; SV-84991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34805,6 +35652,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70371; SV-84993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34846,6 +35694,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70373; SV-84995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34887,6 +35736,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70375; SV-84997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34928,6 +35778,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70377; SV-84999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34969,6 +35820,7 @@ "nist": [ "SA-11 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70379; SV-85001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35010,6 +35862,7 @@ "nist": [ "SA-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70381; SV-85003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35051,6 +35904,7 @@ "nist": [ "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70383; SV-85005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35092,6 +35946,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70385; SV-85007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35133,6 +35988,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70387; SV-85009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35174,6 +36030,7 @@ "nist": [ "SA-15 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70389; SV-85011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35215,6 +36072,7 @@ "nist": [ "SA-15 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70391; SV-85013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35256,6 +36114,7 @@ "nist": [ "SA-15 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70393; SV-85015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35297,6 +36156,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70395; SV-85017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35338,6 +36198,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70397; SV-85019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35379,6 +36240,7 @@ "nist": [ "SA-22 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70399; SV-85021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35420,6 +36282,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70401; SV-85023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35461,6 +36324,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70403; SV-85025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35502,6 +36366,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70405; SV-85027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35543,6 +36408,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70407; SV-85029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35584,6 +36450,7 @@ "nist": [ "SC-18 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70409; SV-85031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35625,6 +36492,7 @@ "nist": [ "SC-28 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70411; SV-85033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35666,6 +36534,7 @@ "nist": [ "SC-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70413; SV-85035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35707,6 +36576,7 @@ "nist": [ "SI-4 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70415; SV-85037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35748,6 +36618,7 @@ "nist": [ "SI-5 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70417; SV-85039", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35789,6 +36660,7 @@ "nist": [ "SI-5 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70419; SV-85041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35830,6 +36702,7 @@ "nist": [ "SC-7 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70421; SV-85043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35871,6 +36744,7 @@ "nist": [ "AU-12 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70423; SV-85045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35912,6 +36786,7 @@ "nist": [ "AT-3 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70425; SV-85047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35953,6 +36828,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70189; SV-84811", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35983,7 +36859,7 @@ ] } ], - "sha256": "0d57041a0f5c07558bddcdea8c503c01b53ae6c250b9e3b6604fa16c59c6b0bd", + "sha256": "35832930d09885896e597eabd3c066d944ea965471cc6d37774c0e99ef8d5c77", "parent_profile": "Parent Profile" } ], From b56c07a89b3ea5a3ed3776133ee5dfb68cd37262 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Wed, 12 Jun 2024 09:41:17 -0400 Subject: [PATCH 08/74] remove unecessary lowercase conversion Signed-off-by: kemley76 --- libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 3a3c7f22f7..d1db413474 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -577,7 +577,6 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< } severityMap(impact: number, severityTag: string): Severity { - severityTag = severityTag.toLowerCase(); if ( // test if this control has a valid severity tag severityTag !== Severity.Empty && From fa98d0dc0a7f7338fb10b2a3d72dffa0abd8ac01 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Fri, 14 Jun 2024 10:16:08 -0400 Subject: [PATCH 09/74] show severityoverride and severity justification in details panel Signed-off-by: kemley76 --- .../cards/controltable/ControlRowDetails.vue | 23 +++++++++++++++++-- .../ckl-mapper/checklist-jsonix-converter.ts | 8 +++++-- .../src/ckl-mapper/checklist-mapper.ts | 10 ++++++-- .../src/compat_impl/compat_inspec_1_0.ts | 15 ++++++------ 4 files changed, 43 insertions(+), 13 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue b/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue index 339ae8904d..c1e09d08ae 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue @@ -202,7 +202,23 @@ export default class ControlRowDetails extends mixins(HtmlSanitizeMixin) { detailsMap.set('Caveat', this.control.hdf.descriptions.caveat); detailsMap.set('Desc', this.control.data.desc); detailsMap.set('Rationale', this.control.hdf.descriptions.rationale); - detailsMap.set('Severity', this.control.root.hdf.severity); + // default to showing severity tag, otherwise show the computed severity (based of impact or severityoverride) + detailsMap.set( + 'Severity', + _.get( + this.control.root.data.tags, + 'severity', + this.control.root.hdf.severity + ) + ); + detailsMap.set( + 'Severity Override', + _.get(this.control.root.data.tags, 'severityoverride') + ); + detailsMap.set( + 'Severity Override Justification', + _.get(this.control.root.data.tags, 'severityjustification') + ); detailsMap.set('Impact', this.control.data.impact); detailsMap.set('NIST Controls', this.control.hdf.rawNistTags.join(', ')); detailsMap.set('CCI Controls', this.cciControlString); @@ -219,7 +235,10 @@ export default class ControlRowDetails extends mixins(HtmlSanitizeMixin) { const sparseControl = _.omit(this.control, [ 'data.tags.nist', 'data.tags.cci', - 'data.tags.cwe' + 'data.tags.cwe', + 'data.tags.severity', + 'data.tags.severityoverride', + 'data.tags.severityjustification' ]); // Convert all tags to Details diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index d1db413474..52972b3f90 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -746,8 +746,12 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< control.descriptions as ExecJSON.ControlDescription[] ), findingdetails: this.getFindingDetails(control.results) ?? '', - severityjustification: '', - severityoverride: Severityoverride.Empty + severityjustification: _.get(control.tags, 'severityjustification', ''), + severityoverride: _.get( + control.tags, + 'severityoverride', + Severityoverride.Empty + ) }; vulns.push(vuln); } diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts index 486a64c8c5..b8cc5f1f1d 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts @@ -83,7 +83,8 @@ function transformImpact(vuln: ChecklistVuln): number { if (vuln.status === 'Not Applicable') return 0.0; let impact = ImpactMapping[ - findSeverity(vuln).toLowerCase() as keyof typeof ImpactMapping + // probably fine because there is no "impact" within the checklist world. impact -> Severity is what is worrying + findSeverity(vuln).toLowerCase() as keyof typeof ImpactMapping // is this the thing that I am supposed to deal with?? ]; if (isJsonString(vuln.thirdPartyTools)) { const hdfExistingData = JSON.parse(vuln.thirdPartyTools); @@ -422,7 +423,12 @@ export class ChecklistMapper extends BaseConverter { ['Responsibility', 'responsibility'], ['STIGRef', 'stigRef'], ['Security_Override_Guidance', 'securityOverrideGuidance'], - ['Severity_Justification', 'severityJustification'] + + // these two tags are specifically loaded in the details view, + // so, their name will use the property name incase + // other converters use this tag + ['severityoverride', 'severityoverride'], + ['severityjustification', 'severityjustification'] ]; const fullTags: Record = {}; for (const [key, path] of tags) { diff --git a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts index 1c56c490f3..220d76d90b 100644 --- a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts +++ b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts @@ -164,14 +164,15 @@ abstract class HDFControl10 implements HDFControl { private static compute_severity( raw: ResultControl_1_0 | ProfileControl_1_0 ): Severity { - if ( - // use severity tag if it exists - ['none', 'low', 'medium', 'high', 'critical'].includes( - raw.tags['severity'] - ) - ) { + const severities = ['none', 'low', 'medium', 'high', 'critical']; + + // use severityoverride tag if it exists + if (severities.includes(raw.tags['severityoverride'])) + return raw.tags['severityoverride']; + + // use severity tag if it exists + if (severities.includes(raw.tags['severity'])) return raw.tags['severity']; - } // otherwise, compute severity with impact if (raw.impact < 0.1) { From cdcf9377b1610b079cf000cb8d864ddc3c244cec Mon Sep 17 00:00:00 2001 From: kemley76 Date: Fri, 14 Jun 2024 11:43:34 -0400 Subject: [PATCH 10/74] severity override info displayed in results table Signed-off-by: kemley76 --- .../cards/controltable/ControlRowHeader.vue | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index 21ed91ef7d..4bebc5d293 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -47,7 +47,24 @@ :total-count="4" /> - {{ (control.hdf.severity || 'none').toUpperCase() }} + + + + Severity has been overridden from + {{ control.data.tags['severity'] ?? 'Unknown' }} to + {{ control.data.tags['severityoverride'] }}
Justification: + {{ control.data.tags['severityjustification'] }} + + {{ + (control.hdf.severity || 'none').toUpperCase() + }}
Date: Fri, 14 Jun 2024 13:50:52 -0400 Subject: [PATCH 11/74] format results view impact column to show severity as well Signed-off-by: kemley76 --- .../cards/controltable/ControlRowHeader.vue | 73 ++++++------------- .../cards/controltable/ControlTable.vue | 27 +++---- .../src/components/generic/ColumnHeader.vue | 1 + 3 files changed, 38 insertions(+), 63 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index 4bebc5d293..2e36f02282 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -41,40 +41,29 @@ @@ -180,7 +169,6 @@ export default class ControlRowHeader extends mixins(HtmlSanitizeMixin) { readonly viewedControls!: string[]; @Prop({type: Boolean, default: false}) readonly controlExpanded!: boolean; - @Prop({type: Boolean, default: false}) readonly showImpact!: boolean; get runTime(): string { return `${_.truncate(getControlRunTime(this.control).toString(), { @@ -230,21 +218,6 @@ export default class ControlRowHeader extends mixins(HtmlSanitizeMixin) { return 4; } - severity_arrow_count(severity: string): number { - switch (severity) { - case 'low': - return 1; - case 'medium': - return 2; - case 'high': - return 3; - case 'critical': - return 4; - default: - return 0; - } - } - // Get NIST tag description for NIST tag, this is pulled from the 800-53 xml // and relies on a script not contained in the project descriptionForTag(tag: string): string { diff --git a/apps/frontend/src/components/cards/controltable/ControlTable.vue b/apps/frontend/src/components/cards/controltable/ControlTable.vue index 000d22dde2..ed391956aa 100644 --- a/apps/frontend/src/components/cards/controltable/ControlTable.vue +++ b/apps/frontend/src/components/cards/controltable/ControlTable.vue @@ -81,10 +81,13 @@ From c560395401f9b98fd6bf4c208502392156d1f753 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Fri, 14 Jun 2024 15:56:20 -0400 Subject: [PATCH 12/74] linting Signed-off-by: kemley76 --- libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts index 220d76d90b..982912a69a 100644 --- a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts +++ b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts @@ -171,8 +171,7 @@ abstract class HDFControl10 implements HDFControl { return raw.tags['severityoverride']; // use severity tag if it exists - if (severities.includes(raw.tags['severity'])) - return raw.tags['severity']; + if (severities.includes(raw.tags['severity'])) return raw.tags['severity']; // otherwise, compute severity with impact if (raw.impact < 0.1) { From 9e2b5b9465f96c5ce5e0d35a0a95fc82f76c5ff3 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Mon, 17 Jun 2024 09:54:42 -0400 Subject: [PATCH 13/74] added severity and severity overrides to hdf2ckl and ckl2hdf Signed-off-by: kemley76 --- .../checklist-RHEL9_overrides_hdf.json | 299 +++++++++ .../converted-rhel7_overrides.ckl | 572 ++++++++++++++++++ .../RHEL7_overrides_hdf.json | 289 +++++++++ .../sample_input_report/RHEL9_overrides.ckl | 514 ++++++++++++++++ .../mappers/forward/checklist_mapper.spec.ts | 28 + .../reverse/checklist_reverse_mapper.spec.ts | 30 + 6 files changed, 1732 insertions(+) create mode 100644 libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL9_overrides_hdf.json create mode 100644 libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl create mode 100644 libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json create mode 100644 libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL9_overrides.ckl diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL9_overrides_hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL9_overrides_hdf.json new file mode 100644 index 0000000000..42ef29e671 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL9_overrides_hdf.json @@ -0,0 +1,299 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "RHEL_9_STIG", + "version": "1", + "title": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide", + "summary": "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.", + "license": "terms-of-use", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257777r925318_rule", + "gid": "V-257777", + "stig_id": "RHEL-09-211010", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityoverride": "medium", + "severityjustification": "both N/A and overidden" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must be a vendor-supported release.", + "id": "V-257777", + "desc": "An operating system release is considered \"supported\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\n\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.", + "descriptions": [ + { + "data": "Verify that the version or RHEL 9 is vendor supported with the following command:\n\n$ cat /etc/redhat-release \n\nRed Hat Enterprise Linux release 9.2 (Plow)\n\nIf the installed version of RHEL 9 is not supported, this is a finding.", + "label": "check" + }, + { + "data": "Upgrade to a supported version of RHEL 9.", + "label": "fix" + } + ], + "impact": 0, + "code": "{\n \"status\": \"Not Applicable\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"medium\",\n \"severityjustification\": \"both N/A and overidden\",\n \"vulnNum\": \"V-257777\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257777r925318_rule\",\n \"ruleVer\": \"RHEL-09-211010\",\n \"ruleTitle\": \"RHEL 9 must be a vendor-supported release.\",\n \"vulnDiscuss\": \"An operating system release is considered \\\"supported\\\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\\n\\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that the version or RHEL 9 is vendor supported with the following command:\\n\\n$ cat /etc/redhat-release \\n\\nRed Hat Enterprise Linux release 9.2 (Plow)\\n\\nIf the installed version of RHEL 9 is not supported, this is a finding.\",\n \"fixText\": \"Upgrade to a supported version of RHEL 9.\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257778r925321_rule", + "gid": "V-257778", + "stig_id": "RHEL-09-211015", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityoverride": "low", + "severityjustification": "Overidden" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 vendor packaged system security patches and updates must be installed and up to date.", + "id": "V-257778", + "desc": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", + "descriptions": [ + { + "data": "Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n ID | Command line | Date and time | Action(s) | Altered \n------------------------------------------------------------------------------- \n 70 | install aide | 2023-03-05 10:58 | Install | 1 \n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", + "label": "check" + }, + { + "data": "Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update", + "label": "fix" + } + ], + "impact": 0.3, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"low\",\n \"severityjustification\": \"Overidden\",\n \"vulnNum\": \"V-257778\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257778r925321_rule\",\n \"ruleVer\": \"RHEL-09-211015\",\n \"ruleTitle\": \"RHEL 9 vendor packaged system security patches and updates must be installed and up to date.\",\n \"vulnDiscuss\": \"Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\\n\\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\\n\\nCheck that the available package security updates have been installed on the system with the following command:\\n\\n$ dnf history list | more\\n\\n ID | Command line | Date and time | Action(s) | Altered \\n------------------------------------------------------------------------------- \\n 70 | install aide | 2023-03-05 10:58 | Install | 1 \\n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \\n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \\n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \\n\\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\\n\\nIf the system is in noncompliance with the organizational patching policy, this is a finding.\",\n \"fixText\": \"Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\\n\\n$ sudo dnf update\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "rid": "SV-257779r925324_rule", + "gid": "V-257779", + "stig_id": "RHEL-09-211020", + "cci": [ + "CCI-000048", + "CCI-001384", + "CCI-001385", + "CCI-001386", + "CCI-001387", + "CCI-001388" + ], + "nist": [ + "AC-8 a", + "AC-8 c 1", + "AC-8 c 2", + "AC-8 c 3" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.", + "id": "V-257779", + "desc": "Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088", + "descriptions": [ + { + "data": "Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\n\nCheck that a banner is displayed at the command line login screen with the following command:\n\n$ sudo cat /etc/issue\n\nIf the banner is set correctly it will return the following text:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"\n\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\n\nEdit the \"/etc/issue\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"", + "label": "fix" + } + ], + "impact": 0, + "code": "{\n \"status\": \"Not Applicable\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257779\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000023-GPOS-00006\",\n \"ruleId\": \"SV-257779r925324_rule\",\n \"ruleVer\": \"RHEL-09-211020\",\n \"ruleTitle\": \"RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.\",\n \"vulnDiscuss\": \"Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\\n\\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\\n\\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\\n\\nCheck that a banner is displayed at the command line login screen with the following command:\\n\\n$ sudo cat /etc/issue\\n\\nIf the banner is set correctly it will return the following text:\\n\\n\\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\\n\\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\\n\\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\\n\\n-At any time, the USG may inspect and seize data stored on this IS.\\n\\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\\n\\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\\n\\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\\n\\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\\n\\nEdit the \\\"/etc/issue\\\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\\n\\n\\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\\n\\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\\n\\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\\n\\n-At any time, the USG may inspect and seize data stored on this IS.\\n\\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\\n\\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\\n\\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000048; CCI-001384; CCI-001385; CCI-001386; CCI-001387; CCI-001388\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + } + ], + "sha256": "00f87a504cf45ffd51818a8d9ff76bcaf1c5ac0902c2e62e32de0d6ef476f393" + } + ], + "passthrough": { + "checklist": { + "asset": { + "role": "None", + "assettype": "Computing", + "hostname": "", + "hostip": "", + "hostmac": "", + "hostfqdn": "", + "marking": "CUI", + "targetcomment": "", + "techarea": "", + "targetkey": "5551", + "webordatabase": false, + "webdbsite": "", + "webdbinstance": "" + }, + "stigs": [ + { + "header": { + "version": "1", + "classification": "UNCLASSIFIED", + "customname": "", + "stigid": "RHEL_9_STIG", + "description": "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.", + "filename": "U_RHEL_9_STIG_V1R3_Manual-xccdf.xml", + "releaseinfo": "Release: 3 Benchmark Date: 24 Apr 2024", + "title": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide", + "uuid": "47e1d7ee-1fe2-4f8b-9914-3aaa2b6ace72", + "notice": "terms-of-use", + "source": "STIG.DOD.MIL" + }, + "vulns": [ + { + "status": "Not Applicable", + "findingdetails": "", + "comments": "", + "severityoverride": "medium", + "severityjustification": "both N/A and overidden", + "vulnNum": "V-257777", + "severity": "high", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257777r925318_rule", + "ruleVer": "RHEL-09-211010", + "ruleTitle": "RHEL 9 must be a vendor-supported release.", + "vulnDiscuss": "An operating system release is considered \"supported\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\n\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.", + "iaControls": "", + "checkContent": "Verify that the version or RHEL 9 is vendor supported with the following command:\n\n$ cat /etc/redhat-release \n\nRed Hat Enterprise Linux release 9.2 (Plow)\n\nIf the installed version of RHEL 9 is not supported, this is a finding.", + "fixText": "Upgrade to a supported version of RHEL 9.", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "low", + "severityjustification": "Overidden", + "vulnNum": "V-257778", + "severity": "medium", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257778r925321_rule", + "ruleVer": "RHEL-09-211015", + "ruleTitle": "RHEL 9 vendor packaged system security patches and updates must be installed and up to date.", + "vulnDiscuss": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", + "iaControls": "", + "checkContent": "Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n ID | Command line | Date and time | Action(s) | Altered \n------------------------------------------------------------------------------- \n 70 | install aide | 2023-03-05 10:58 | Install | 1 \n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", + "fixText": "Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Not Applicable", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257779", + "severity": "medium", + "groupTitle": "SRG-OS-000023-GPOS-00006", + "ruleId": "SV-257779r925324_rule", + "ruleVer": "RHEL-09-211020", + "ruleTitle": "RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.", + "vulnDiscuss": "Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088", + "iaControls": "", + "checkContent": "Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\n\nCheck that a banner is displayed at the command line login screen with the following command:\n\n$ sudo cat /etc/issue\n\nIf the banner is set correctly it will return the following text:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"\n\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.", + "fixText": "Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\n\nEdit the \"/etc/issue\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000048; CCI-001384; CCI-001385; CCI-001386; CCI-001387; CCI-001388" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl new file mode 100644 index 0000000000..bde85b5106 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl @@ -0,0 +1,572 @@ + + + + + None + Computing + CUI + + + + + + + + false + + + + + + + + version + 0 + + + classification + UNCLASSIFIED + + + customname + {"hdfSpecificData":{"copyright":"SIMP Team","copyright_email":"simp-dev@googlegroups.com","maintainer":"SIMP Team","version":"0.2.0"}} + + + stigid + disa_stig-el7 + + + description + The `disa_stig-el7` inspec profile helps scan your system aginst the DISA RHEL7 STIG + + + filename + + + releaseinfo + Release: 2 + + + title + DISA RedHat Enterprise Linux 7 STIG - v1r4 + + + uuid + + + notice + Apache-2.0 + + + source + STIG.DOD.MIL + + + + + Vuln_Num + V-71849 + + + Severity + high + + + Group_Title + SRG-OS-000257-GPOS-00098 + + + Rule_ID + SV-86473r2_rule + + + Rule_Ver + RHEL-07-010010 + + + Rule_Title + The file permissions, ownership, and group membership of system files and commands must match the vendor values. + + + Vuln_Discuss + Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default. + + + IA_Controls + + + + Check_Content + Verify the file permissions, ownership, and group membership of +system files and commands match the vendor values. + +Check the file permissions, ownership, and group membership of system files and +commands with the following command: + +# rpm -Va | grep '^.M' + +If there is any output from the command indicating that the ownership or group +of a system file or command, or a system file, has permissions less restrictive +than the default, this is a finding. + + + Fix_Text + Run the following command to determine which package owns the +file: + +# rpm -qf <filename> + +Reset the permissions of files within a package with the following command: + +#rpm --setperms <packagename> + +Reset the user and group ownership of files within a package with the following +command: + +#rpm --setugids <packagename> + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-001494 + + + CCI_REF + CCI-001496 + + Open + failed :: TEST not important :: MESSAGE not important + + + + + + + Vuln_Num + V-71855 + + + Severity + low + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-86479r2_rule + + + Rule_Ver + RHEL-07-010020 + + + Rule_Title + The cryptographic hash of system files and commands must match vendor +values. + + + Vuln_Discuss + not important + + + IA_Controls + + + + Check_Content + Verify the cryptographic hash of system files and commands +match the vendor values. + +Check the cryptographic hash of system files and commands with the following +command: + +Note: System configuration files (indicated by a "c" in the second column) +are expected to change over time. Unusual modifications should be investigated +through the system audit log. + +# rpm -Va | grep '^..5' + +If there is any output from the command for system binaries, this is a finding. + + + Fix_Text + Run the following command to determine which package owns the +file: + +# rpm -qf <filename> + +The package can be reinstalled from a yum repository using the command: + +# sudo yum reinstall <packagename> + +Alternatively, the package can be reinstalled from trusted media using the +command: + +# sudo rpm -Uvh <packagename> + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-000663 + + Not_Reviewed + skipped :: TEST [] should all be in + + medium + This system is not important + + + + Vuln_Num + V-71859 + + + Severity + medium + + + Group_Title + SRG-OS-000023-GPOS-00006 + + + Rule_ID + SV-86483r3_rule + + + Rule_Ver + RHEL-07-010030 + + + Rule_Title + The operating system must display the Standard Mandatory DoD Notice +and Consent Banner before granting local or remote access to the system via a +graphical user logon. + + + Vuln_Discuss + not important + + + IA_Controls + + + + Check_Content + not important + + + Fix_Text + not important + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-000048 + + Open + failed :: TEST Command: `dconf read /org/gnome/login-screen/banner-message-enable` stdout.strip should cmp == "true" :: MESSAGE +expected: "true" + got: "" + +(compared using `cmp` matcher) + + + + + + + Vuln_Num + V-71861 + + + Severity + low + + + Group_Title + SRG-OS-000023-GPOS-00006 + + + Rule_ID + SV-86485r3_rule + + + Rule_Ver + RHEL-07-010040 + + + Rule_Title + The operating system must display the approved Standard Mandatory DoD +Notice and Consent Banner before granting local or remote access to the system +via a graphical user logon. + + + Vuln_Discuss + not important + + + IA_Controls + + + + Check_Content + not important + + + Fix_Text + not important + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-000048 + + Open + failed :: TEST If no files specify the banner text then this is a finding should equal false :: MESSAGE +expected false + got true + + + + + + + \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json new file mode 100644 index 0000000000..4cfb387fd9 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json @@ -0,0 +1,289 @@ +{ + "platform": { + "name": "centos", + "release": "7.6.1810" + }, + "profiles": [ + { + "attributes": [], + "controls": [ + { + "code": "not important", + "desc": "Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.", + "descriptions": [ + { + "data": "Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.", + "label": "default" + }, + { + "data": "Verify the file permissions, ownership, and group membership of\nsystem files and commands match the vendor values.\n\nCheck the file permissions, ownership, and group membership of system files and\ncommands with the following command:\n\n# rpm -Va | grep '^.M'\n\nIf there is any output from the command indicating that the ownership or group\nof a system file or command, or a system file, has permissions less restrictive\nthan the default, this is a finding.", + "label": "check" + }, + { + "data": "Run the following command to determine which package owns the\nfile:\n\n# rpm -qf \n\nReset the permissions of files within a package with the following command:\n\n#rpm --setperms \n\nReset the user and group ownership of files within a package with the following\ncommand:\n\n#rpm --setugids ", + "label": "fix" + } + ], + "id": "V-71849", + "impact": 0.3, + "refs": [], + "results": [ + { + "code_desc": "not important", + "message": "not important", + "run_time": 0.00056624, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "failed" + } + ], + "source_location": { + "line": 16, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71849.rb" + }, + "tags": { + "gtitle": "SRG-OS-000257-GPOS-00098", + "satisfies": [ + "SRG-OS-000257-GPOS-00098", + "SRG-OS-000278-GPOS-00108" + ], + "gid": "V-71849", + "rid": "SV-86473r2_rule", + "stig_id": "RHEL-07-010010", + "cci": [ + "CCI-001494", + "CCI-001496" + ], + "documentable": false, + "nist": [ + "AU-9", + "AU-9 (3)", + "Rev_4" + ], + "subsystems": [ + "permissions", + "package", + "rpm" + ], + "fix_id": "F-78201r3_fix", + "severity": "critical" + }, + "title": "The file permissions, ownership, and group membership of system files and commands must match the vendor values." + }, + { + "code": "not important", + "desc": "not important", + "descriptions": [ + { + "data": "not important", + "label": "default" + }, + { + "data": "Verify the cryptographic hash of system files and commands\nmatch the vendor values.\n\nCheck the cryptographic hash of system files and commands with the following\ncommand:\n\nNote: System configuration files (indicated by a \"c\" in the second column)\nare expected to change over time. Unusual modifications should be investigated\nthrough the system audit log.\n\n# rpm -Va | grep '^..5'\n\nIf there is any output from the command for system binaries, this is a finding.", + "label": "check" + }, + { + "data": "Run the following command to determine which package owns the\nfile:\n\n# rpm -qf \n\nThe package can be reinstalled from a yum repository using the command:\n\n# sudo yum reinstall \n\nAlternatively, the package can be reinstalled from trusted media using the\ncommand:\n\n# sudo rpm -Uvh ", + "label": "fix" + } + ], + "id": "V-71855", + "impact": 0.7, + "refs": [], + "results": [ + { + "code_desc": "[] should all be in", + "run_time": 0.000103517, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "skipped" + } + ], + "source_location": { + "line": 15, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71855.rb" + }, + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "gid": "V-71855", + "rid": "SV-86479r2_rule", + "stig_id": "RHEL-07-010020", + "cci": [ + "CCI-000663" + ], + "documentable": false, + "nist": [ + "SA-7", + "Rev_4" + ], + "subsystems": [ + "rpm", + "package" + ], + "fix_id": "F-78207r1_fix", + "severity": "low", + "severityoverride": "medium", + "severityjustification": "This system is not important" + }, + "title": "The cryptographic hash of system files and commands must match vendor\nvalues." + }, + { + "code": "not important", + "desc": "not important", + "descriptions": [ + { + "data": "not important", + "label": "default" + }, + { + "data": "not important", + "label": "check" + }, + { + "data": "not important", + "label": "fix" + } + ], + "id": "V-71859", + "impact": 0.5, + "refs": [], + "results": [ + { + "code_desc": "Command: `dconf read /org/gnome/login-screen/banner-message-enable` stdout.strip should cmp == \"true\"", + "message": "\nexpected: \"true\"\n got: \"\"\n\n(compared using `cmp` matcher)\n", + "run_time": 0.017205426, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "failed" + } + ], + "source_location": { + "line": 14, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71859.rb" + }, + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "satisfies": [ + "SRG-OS-000023-GPOS-00006", + "SRG-OS-000024-GPOS-00007", + "SRG-OS-000228-GPOS-00088" + ], + "gid": "V-71859", + "rid": "SV-86483r3_rule", + "stig_id": "RHEL-07-010030", + "cci": [ + "CCI-000048" + ], + "documentable": false, + "nist": [ + "AC-8 a", + "Rev_4" + ], + "subsystem": [ + "gdm" + ], + "fix_id": "F-78211r4_fix" + }, + "title": "The operating system must display the Standard Mandatory DoD Notice\nand Consent Banner before granting local or remote access to the system via a\ngraphical user logon." + }, + { + "code": "not important", + "desc": "not important", + "descriptions": [ + { + "data": "not important", + "label": "default" + }, + { + "data": "not important", + "label": "check" + }, + { + "data": "not important", + "label": "fix" + } + ], + "id": "V-71861", + "impact": 0.5, + "refs": [], + "results": [ + { + "code_desc": "If no files specify the banner text then this is a finding should equal false", + "message": "\nexpected false\n got true\n", + "run_time": 0.001565842, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "failed" + } + ], + "source_location": { + "line": 29, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71861.rb" + }, + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "satisfies": [ + "SRG-OS-000023-GPOS-00006", + "SRG-OS-000024-GPOS-00007", + "SRG-OS-000228-GPOS-00088" + ], + "gid": "V-71861", + "rid": "SV-86485r3_rule", + "stig_id": "RHEL-07-010040", + "cci": [ + "CCI-000048" + ], + "documentable": false, + "nist": [ + "AC-8 a", + "Rev_4" + ], + "subsystems": [ + "gdm" + ], + "fix_id": "F-78213r5_fix", + "severity": "none" + }, + "title": "The operating system must display the approved Standard Mandatory DoD\nNotice and Consent Banner before granting local or remote access to the system\nvia a graphical user logon." + } + ], + "copyright": "SIMP Team", + "copyright_email": "simp-dev@googlegroups.com", + "groups": [ + { + "controls": [ + "V-71849" + ], + "id": "controls/V-71849.rb" + }, + { + "controls": [ + "V-71855" + ], + "id": "controls/V-71855.rb" + }, + { + "controls": [ + "V-71859" + ], + "id": "controls/V-71859.rb" + }, + { + "controls": [ + "V-71861" + ], + "id": "controls/V-71861.rb" + } + ], + "license": "Apache-2.0", + "maintainer": "SIMP Team", + "name": "disa_stig-el7", + "sha256": "d4ecb3e201285a383a4aa6af8d9028e8311cb1975af2b380f098a21c895246ff", + "status": "loaded", + "summary": "The `disa_stig-el7` inspec profile helps scan your system aginst the DISA RHEL7 STIG", + "supports": [], + "title": "DISA RedHat Enterprise Linux 7 STIG - v1r4", + "version": "0.2.0" + } + ], + "statistics": { + "duration": 10.681128104 + }, + "version": "4.16.0" +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL9_overrides.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL9_overrides.ckl new file mode 100644 index 0000000000..9514e2f09c --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL9_overrides.ckl @@ -0,0 +1,514 @@ + + + + + None + Computing + CUI + + + + + + + 5551 + false + + + + + + + + version + 1 + + + classification + UNCLASSIFIED + + + customname + + + stigid + RHEL_9_STIG + + + description + This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. + + + filename + U_RHEL_9_STIG_V1R3_Manual-xccdf.xml + + + releaseinfo + Release: 3 Benchmark Date: 24 Apr 2024 + + + title + Red Hat Enterprise Linux 9 Security Technical Implementation Guide + + + uuid + 47e1d7ee-1fe2-4f8b-9914-3aaa2b6ace72 + + + notice + terms-of-use + + + source + STIG.DOD.MIL + + + + + Vuln_Num + V-257777 + + + Severity + high + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-257777r925318_rule + + + Rule_Ver + RHEL-09-211010 + + + Rule_Title + RHEL 9 must be a vendor-supported release. + + + Vuln_Discuss + An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software. + +Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period. + + + IA_Controls + + + + Check_Content + Verify that the version or RHEL 9 is vendor supported with the following command: + +$ cat /etc/redhat-release + +Red Hat Enterprise Linux release 9.2 (Plow) + +If the installed version of RHEL 9 is not supported, this is a finding. + + + Fix_Text + Upgrade to a supported version of RHEL 9. + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + Not_Applicable + + + medium + both N/A and overidden + + + + Vuln_Num + V-257778 + + + Severity + medium + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-257778r925321_rule + + + Rule_Ver + RHEL-09-211015 + + + Rule_Title + RHEL 9 vendor packaged system security patches and updates must be installed and up to date. + + + Vuln_Discuss + Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise. + + + IA_Controls + + + + Check_Content + Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy. + +Obtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed. + +Check that the available package security updates have been installed on the system with the following command: + +$ dnf history list | more + + ID | Command line | Date and time | Action(s) | Altered +------------------------------------------------------------------------------- + 70 | install aide | 2023-03-05 10:58 | Install | 1 + 69 | update -y | 2023-03-04 14:34 | Update | 18 EE + 68 | install vlc | 2023-02-21 17:12 | Install | 21 + 67 | update -y | 2023-02-21 17:04 | Update | 7 EE + +Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM. + +If the system is in noncompliance with the organizational patching policy, this is a finding. + + + Fix_Text + Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command: + +$ sudo dnf update + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + Open + + + low + Overidden + + + + Vuln_Num + V-257779 + + + Severity + medium + + + Group_Title + SRG-OS-000023-GPOS-00006 + + + Rule_ID + SV-257779r925324_rule + + + Rule_Ver + RHEL-09-211020 + + + Rule_Title + RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. + + + Vuln_Discuss + Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. + +System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist. + +Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 + + + IA_Controls + + + + Check_Content + Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon. + +Check that a banner is displayed at the command line login screen with the following command: + +$ sudo cat /etc/issue + +If the banner is set correctly it will return the following text: + +"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. + +By using this IS (which includes any device attached to this IS), you consent to the following conditions: + +-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. + +-At any time, the USG may inspect and seize data stored on this IS. + +-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. + +-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. + +-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." + +If the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding. + + + Fix_Text + Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon. + +Edit the "/etc/issue" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is: + +"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. + +By using this IS (which includes any device attached to this IS), you consent to the following conditions: + +-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. + +-At any time, the USG may inspect and seize data stored on this IS. + +-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. + +-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy. + +-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000048 + + + CCI_REF + CCI-001384 + + + CCI_REF + CCI-001385 + + + CCI_REF + CCI-001386 + + + CCI_REF + CCI-001387 + + + CCI_REF + CCI-001388 + + Not_Applicable + + + + + + + + \ No newline at end of file diff --git a/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts index 13367359b6..63de2f6820 100644 --- a/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts @@ -57,6 +57,34 @@ describe('checklist_mapper_single_stig_with_raw', () => { }); }); +describe('checklist_mapper_with_severity_overrides', () => { + it('Successfully converts Checklists with severity overrides', () => { + const mapper = new ChecklistResults( + fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/RHEL9_overrides.ckl', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/checklist_mapper/checklist-RHEL9_overrides_hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/checklist_mapper/checklist-RHEL9_overrides_hdf.json', + {encoding: 'utf-8'} + ) + ) + ) + ); + }); +}); + describe('checklist_mapper_multi_stig_wrapper', () => { it('Successfully converts Checklists', () => { const mapper = new ChecklistResults( diff --git a/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts b/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts index c0930c2a8c..c5210f822f 100644 --- a/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts @@ -117,3 +117,33 @@ describe('Small RHEL8 HDF file', () => { ); }); }); + +describe('Small RHEL 7 with severity and severity override tags', () => { + it('can be successfully converted from HDF to Checklist', () => { + const mapper = new ChecklistResults( + JSON.parse( + fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl', + // mapper.toCkl() + // ); + + const expected = fs.readFileSync( + 'sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl', + 'utf-8' + ); + const converted = mapper.toCkl(); + + expect(converted).toEqual( + expected.replace(/2\.10\.8/gi, hdfConvertersVersion) + ); + }); +}); \ No newline at end of file From 8f80059184e6ce1976327f8632035e1f66fb27c7 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Mon, 17 Jun 2024 10:00:41 -0400 Subject: [PATCH 14/74] ensure severity low and critical get mapped properly in hdf2ckl Signed-off-by: kemley76 --- .../ckl-mapper/checklist-jsonix-converter.ts | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 52972b3f90..2755cfe6dd 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -577,15 +577,20 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< } severityMap(impact: number, severityTag: string): Severity { - if ( - // test if this control has a valid severity tag - severityTag !== Severity.Empty && - (Object.values(Severity) as string[]).includes(severityTag) - ) { - return severityTag as Severity; + // test if this control has a valid severity tag + // and map it to a checklist severity level + switch (severityTag) { + case 'none': + case 'low': + return Severity.Low + case 'medium': + return Severity.Medium + case 'high': + case 'critical': + return Severity.High } - // otherwise, compute severity based on impact + // if no valid severity tag, compute severity based on impact if (impact < 0.4) { return Severity.Low; } else if (impact < 0.7) { From 14312e6f4c09cc220d35f50c081584ac0cc62020 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Mon, 17 Jun 2024 10:37:10 -0400 Subject: [PATCH 15/74] fix fallbacks in ControlRowHeader for showing severity override Signed-off-by: kemley76 --- .../src/components/cards/controltable/ControlRowHeader.vue | 4 ++-- apps/frontend/tests/unit/Results.spec.ts | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index 2e36f02282..ffb062f874 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -56,9 +56,9 @@ Severity has been overridden from - {{ control.data.tags['severity'] ?? 'Unknown' }} to + {{ 'severity' in control.data.tags ? control.data.tags['severity'] : 'UNKNOWN' }} to {{ control.data.tags['severityoverride'] }}
Justification: - {{ control.data.tags['severityjustification'] }} { $router }, propsData: { - filter: (wrapper.vm as Vue & {all_filter: Filter}).all_filter, - showImpact: true + filter: (wrapper.vm as Vue & {all_filter: Filter}).all_filter } }); const expected = From 62cedce5e1dcd89596c3c72965f91009e230a265 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Mon, 17 Jun 2024 10:38:29 -0400 Subject: [PATCH 16/74] linting Signed-off-by: kemley76 --- .../cards/controltable/ControlRowHeader.vue | 14 +++++++++++--- .../src/ckl-mapper/checklist-jsonix-converter.ts | 16 ++++++++-------- .../reverse/checklist_reverse_mapper.spec.ts | 2 +- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index ffb062f874..edb38f5c08 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -56,9 +56,17 @@ Severity has been overridden from - {{ 'severity' in control.data.tags ? control.data.tags['severity'] : 'UNKNOWN' }} to - {{ control.data.tags['severityoverride'] }}
Justification: - {{ 'severityjustification' in control.data.tags ? control.data.tags['severityjustification'] : 'UNKNOWN JUSTIFICATION' }}Justification: + {{ + 'severityjustification' in control.data.tags + ? control.data.tags['severityjustification'] + : 'UNKNOWN JUSTIFICATION' + }} { expected.replace(/2\.10\.8/gi, hdfConvertersVersion) ); }); -}); \ No newline at end of file +}); From 87dd363d12e018d83c7506484462064d30568826 Mon Sep 17 00:00:00 2001 From: kemley76 Date: Mon, 17 Jun 2024 14:03:58 -0400 Subject: [PATCH 17/74] split impact and severity into two columns Signed-off-by: kemley76 --- .../cards/controltable/ControlRowHeader.vue | 53 +++++++++++-------- .../cards/controltable/ControlTable.vue | 38 ++++++++++--- .../cards/controltable/ResponsiveRowLarge.vue | 10 +++- .../controltable/ResponsiveRowMedium.vue | 2 + .../cards/controltable/ResponsiveRowSmall.vue | 2 + .../controltable/ResponsiveRowSwitch.vue | 9 ++++ apps/frontend/src/views/Results.vue | 1 - 7 files changed, 82 insertions(+), 33 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index edb38f5c08..e8f40d9f18 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -39,18 +39,23 @@ + + @@ -147,7 +154,6 @@ diff --git a/apps/frontend/src/views/Results.vue b/apps/frontend/src/views/Results.vue index df5ee90374..8a4d875dd4 100644 --- a/apps/frontend/src/views/Results.vue +++ b/apps/frontend/src/views/Results.vue @@ -99,6 +99,11 @@ @add-filter="addStatusSearch" @remove-filter="removeStatusFilter" /> + @@ -201,6 +206,7 @@ import EvaluationInfo from '@/components/cards/EvaluationInfo.vue'; import ProfileData from '@/components/cards/ProfileData.vue'; import SeverityChart from '@/components/cards/SeverityChart.vue'; import StatusCardRow from '@/components/cards/StatusCardRow.vue'; +import InfoCardRow from '@/components/cards/InfoCardRow.vue'; import StatusChart from '@/components/cards/StatusChart.vue'; import Treemap from '@/components/cards/treemap/Treemap.vue'; import UploadButton from '@/components/generic/UploadButton.vue'; @@ -245,6 +251,7 @@ import {compare_times} from '../utilities/delta_util'; components: { Base, StatusCardRow, + InfoCardRow, Treemap, ControlTable, StatusChart, @@ -490,6 +497,10 @@ export default class Results extends mixins(RouteMixin, ServerMixin) { this.searchTerm = 'status:"Waived"'; } + showSeverityOverrides() { + this.searchTerm = 'tags:"severityoverride"'; + } + addStatusSearch(status: ExtendedControlStatus) { SearchModule.addSearchFilter({ field: 'status', From 9675b4e9b9f86bc2172467150e5529785cb7a421 Mon Sep 17 00:00:00 2001 From: Kaden Emley Date: Mon, 24 Jun 2024 16:33:02 -0400 Subject: [PATCH 33/74] bring back severity column Signed-off-by: Kaden Emley --- .../cards/controltable/ControlRowHeader.vue | 8 +++ .../cards/controltable/ControlTable.vue | 56 ++++--------------- .../cards/controltable/ResponsiveRowLarge.vue | 8 ++- 3 files changed, 25 insertions(+), 47 deletions(-) diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index dc99cfd7d8..cf598d29b2 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -81,6 +81,14 @@ + +