STIGQter STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

Version: 1

Release: 1 Benchmark Date: 28 Sep 2018

CheckedNameTitle
SV-99003r1_ruleThe SLES for vRealize must provide automated mechanisms for supporting account management functions.
SV-99005r1_ruleThe SLES for vRealize must automatically remove or disable temporary user accounts after 72 hours.
SV-99007r1_ruleThe SLES for vRealize must audit all account creations.
SV-99009r1_ruleIn addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications, any unexpected users, groups, or modifications must be investigated for legitimacy.
SV-99011r1_ruleThe SLES for vRealize must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
SV-99013r1_ruleThe SLES for vRealize must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH.
SV-99015r1_ruleThe SLES for vRealize must limit the number of concurrent sessions to ten for all accounts and/or account types.
SV-99017r1_ruleThe SLES for vRealize must initiate a session lock after a 15-minute period of inactivity for all connection types.
SV-99019r1_ruleThe SLES for vRealize must initiate a session lock after a 15-minute period of inactivity for an SSH connection.
SV-99021r1_ruleThe SLES for vRealize must monitor remote access methods - SSH Daemon.
SV-99023r1_ruleThe SLES for vRealize must implement DoD-approved encryption to protect the confidentiality of remote access sessions - SSH Daemon.
SV-99025r1_ruleThe SLES for vRealize must implement DoD-approved encryption to protect the confidentiality of remote access sessions - SSH Client.
SV-99027r1_ruleThe SLES for vRealize must produce audit records.
SV-99029r1_ruleThe SLES for vRealize must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
SV-99031r1_ruleThe SLES for vRealize must shut down by default upon audit failure (unless availability is an overriding concern).
SV-99033r1_ruleThe SLES for vRealize must protect audit information from unauthorized read access - ownership.
SV-99035r1_ruleThe SLES for vRealize must protect audit information from unauthorized read access - group ownership.
SV-99037r1_ruleThe SLES for vRealize must protect audit information from unauthorized modification.
SV-99039r1_ruleThe SLES for vRealize must protect audit information from unauthorized deletion.
SV-99041r1_ruleThe SLES for vRealize must protect audit information from unauthorized deletion - log directories.
SV-99043r1_ruleThe SLES for vRealize audit system must be configured to audit all administrative, privileged, and security actions.
SV-99045r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter system time through adjtimex.
SV-99047r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter system time through settimeofday.
SV-99049r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter system time through stime.
SV-99051r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter system time through clock_settime.
SV-99053r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter system time through /etc/localtime.
SV-99055r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter the system through sethostname.
SV-99057r1_ruleThe SLES for vRealize audit system must be configured to audit all attempts to alter the system through setdomainname.
SV-99059r1_ruleThe SLES for vRealize must be configured to audit all attempts to alter the system through sched_setparam.
SV-99061r1_ruleThe SLES for vRealize must be configured to audit all attempts to alter the system through sched_setscheduler.
SV-99063r1_ruleThe SLES for vRealize must be configured to audit all attempts to alter /var/log/faillog.
SV-99065r1_ruleThe SLES for vRealize must be configured to audit all attempts to alter /var/log/lastlog.
SV-99067r1_ruleThe SLES for vRealize must be configured to audit all attempts to alter /var/log/tallylog.
SV-99069r1_ruleThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Permissions.
SV-99071r1_ruleThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - ownership.
SV-99073r1_ruleThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - group ownership.
SV-99075r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The operating system must generate audit records for all discretionary access control permission modifications using chmod.
SV-99077r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using chown.
SV-99079r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchmod.
SV-99081r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchmodat.
SV-99083r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchown.
SV-99085r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fchownat.
SV-99087r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fremovexattr.
SV-99089r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using fsetxattr.
SV-99091r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using lchown.
SV-99093r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using lremovexattr.
SV-99095r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using lsetxattr.
SV-99097r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using removexattr.
SV-99099r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all discretionary access control permission modifications using setxattr.
SV-99101r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access privileges occur. The SLES for vRealize must generate audit records for all failed attempts to access files and programs.
SV-99103r1_ruleThe SLES for vRealize must enforce password complexity by requiring that at least one upper-case character be used.
SV-99105r1_ruleGlobal settings defined in common- {account,auth,password,session} must be applied in the pam.d definition files.
SV-99107r1_ruleThe SLES for vRealize must enforce password complexity by requiring that at least one lower-case character be used.
SV-99109r1_ruleThe SLES for vRealize must enforce password complexity by requiring that at least one numeric character be used.
SV-99111r1_ruleThe SLES for vRealize must require the change of at least eight of the total number of characters when passwords are changed.
SV-99113r1_ruleThe SLES for vRealize must store only encrypted representations of passwords.
SV-99115r1_ruleSLES for vRealize must enforce 24 hours/1 day as the minimum password lifetime.
SV-99117r1_ruleUsers must not be able to change passwords more than once every 24 hours.
SV-99119r1_ruleSLES for vRealize must enforce a 60-day maximum password lifetime restriction.
SV-99121r1_ruleUser passwords must be changed at least every 60 days.
SV-99123r1_ruleThe SLES for vRealize must prohibit password reuse for a minimum of five generations.
SV-99125r1_ruleThe SLES for vRealize must prohibit password reuse for a minimum of five generations. Ensure the old passwords are being stored.
SV-99127r1_ruleThe SLES for vRealize must enforce a minimum 15-character password length.
SV-99129r1_ruleThe SLES for vRealize must require root password authentication upon booting into single-user mode.
SV-99131r1_ruleBootloader authentication must be enabled to prevent users without privilege to gain access restricted file system resources.
SV-99133r1_ruleThe SLES for the vRealize boot loader configuration file(s) must have mode 0600 or less permissive.
SV-99135r1_ruleThe SLES for the vRealize boot loader configuration files must be owned by root.
SV-99137r1_ruleThe SLES for the vRealize boot loader configuration file(s) must be group-owned by root, bin, sys, or system.
SV-99139r1_ruleThe Bluetooth protocol handler must be disabled or not installed.
SV-99141r1_ruleThe SLES for vRealize must have USB Mass Storage disabled unless needed.
SV-99143r1_ruleThe SLES for vRealize must have USB disabled unless needed.
SV-99145r1_ruleThe telnet-server package must not be installed.
SV-99147r1_ruleThe rsh-server package must not be installed.
SV-99149r1_ruleThe ypserv package must not be installed.
SV-99151r1_ruleThe yast2-tftp-server package must not be installed.
SV-99153r1_ruleThe Datagram Congestion Control Protocol (DCCP) must be disabled unless required.
SV-99155r1_ruleThe Stream Control Transmission Protocol (SCTP) must be disabled unless required.
SV-99157r1_ruleThe Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required.
SV-99159r1_ruleThe Transparent Inter-Process Communication (TIPC) must be disabled or not installed.
SV-99161r1_ruleThe xinetd service must be disabled if no network services utilizing it are enabled.
SV-99163r1_ruleThe ypbind service must not be running if no network services utilizing it are enabled.
SV-99165r1_ruleNIS/NIS+/yp files must be owned by root, sys, or bin.
SV-99167r1_ruleThe NIS/NIS+/yp command files must have mode 0755 or less permissive.
SV-99169r1_ruleThe SLES for vRealize must not use UDP for NIS/NIS+.
SV-99171r1_ruleNIS maps must be protected through hard-to-guess domain names.
SV-99173r1_ruleMail relaying must be restricted.
SV-99175r1_ruleThe alias files must be owned by root.
SV-99177r1_ruleThe alias files must be group-owned by root, or a system group.
SV-99179r1_ruleThe alias files must have mode 0644 or less permissive.
SV-99181r1_ruleFiles executed through a mail aliases file must be owned by root and must reside within a directory owned and writable only by root.
SV-99183r1_ruleFiles executed through a mail aliases file must be group-owned by root, bin, sys, or system, and must reside within a directory group-owned by root, bin, sys, or system.
SV-99185r1_ruleFiles executed through a mail aliases file must have mode 0755 or less permissive.
SV-99187r1_ruleSendmail logging must not be set to less than nine in the sendmail.cf file.
SV-99189r1_ruleThe system syslog service must log informational and more severe SMTP service messages.
SV-99191r1_ruleThe SMTP service log files must be owned by root.
SV-99193r1_ruleThe SMTP service log file must have mode 0644 or less permissive.
SV-99195r1_ruleThe SMTP service HELP command must not be enabled.
SV-99197r1_ruleThe SMTP services SMTP greeting must not provide version information.
SV-99199r1_ruleThe SMTP service must not use .forward files.
SV-99201r1_ruleThe SMTP service must not have the EXPN feature active.
SV-99203r1_ruleThe SMTP service must not have the VRFY feature active.
SV-99205r1_ruleThe Lightweight User Datagram Protocol (UDP-Lite) must be disabled unless required.
SV-99207r1_ruleThe Internetwork Packet Exchange (IPX) protocol must be disabled or not installed.
SV-99209r1_ruleThe AppleTalk protocol must be disabled or not installed.
SV-99211r1_ruleThe DECnet protocol must be disabled or not installed.
SV-99213r1_ruleProxy Neighbor Discovery Protocol (NDP) must not be enabled on SLES for vRealize.
SV-99215r1_ruleThe SLES for vRealize must not have 6to4 enabled.
SV-99217r1_ruleThe SLES for vRealize must not have Teredo enabled.
SV-99219r1_ruleThe DHCP client must be disabled if not needed.
SV-99221r1_ruleThe SLES for vRealize must have IEEE 1394 (Firewire) disabled unless needed.
SV-99223r1_ruleDuplicate User IDs (UIDs) must not exist for users within the organization.
SV-99225r1_ruleThe SLES for vRealize must prevent direct logon into the root account.
SV-99227r1_ruleThe SLES for vRealize must enforce SSHv2 for network access to privileged accounts.
SV-99229r1_ruleThe SLES for vRealize must enforce SSHv2 for network access to non-privileged accounts.
SV-99231r1_ruleThe SLES for vRealize must disable account identifiers of individuals and roles (such as root) after 35 days of inactivity after password expiration.
SV-99233r1_ruleThe SLES for vRealize must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
SV-99235r1_ruleThe SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).
SV-99237r1_ruleThe SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).
SV-99239r1_ruleThe SLES for vRealize must be configured such that emergency administrator accounts are never automatically removed or disabled.
SV-99241r1_ruleThe SLES for vRealize must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
SV-99243r1_ruleThe SLES for vRealize must terminate all sessions and network connections related to nonlocal maintenance when nonlocal maintenance is completed.
SV-99245r1_ruleThe SLES for vRealize must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
SV-99247r1_ruleThe SLES for vRealize must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
SV-99249r1_ruleThe SLES for vRealize must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
SV-99251r1_ruleThe /var/log directory must be group-owned by root.
SV-99253r1_ruleThe /var/log directory must be owned by root.
SV-99255r1_ruleThe /var/log directory must have mode 0750 or less permissive.
SV-99257r1_ruleThe /var/log/messages file must be group-owned by root.
SV-99259r1_ruleThe /var/log/messages file must be owned by root.
SV-99261r1_ruleThe /var/log/messages file must have mode 0640 or less permissive.
SV-99263r1_ruleThe SLES for vRealize must reveal error messages only to authorized users.
SV-99265r1_ruleThe SLES for vRealize must reveal error messages only to authorized users.
SV-99267r1_ruleThe SLES for vRealize must reveal error messages only to authorized users.
SV-99269r1_ruleAny publically accessible connection to the SLES for vRealize must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.
SV-99271r1_ruleThe SLES for vRealize must audit all account modifications.
SV-99273r1_ruleThe SLES for vRealize must audit all account modifications.
SV-99275r1_ruleThe SLES for vRealize must audit all account-disabling actions.
SV-99277r1_ruleThe SLES for vRealize must audit all account removal actions.
SV-99279r1_ruleThe SLES for vRealize must implement cryptography to protect the integrity of remote access sessions.
SV-99281r1_ruleThe SLES for vRealize must initiate session audits at system start-up.
SV-99283r1_ruleThe SLES for vRealize must produce audit records containing information to establish the identity of any individual or process associated with the event.
SV-99285r1_ruleThe SLES for vRealize must protect audit tools from unauthorized access.
SV-99287r1_ruleThe SLES for vRealize must protect audit tools from unauthorized modification.
SV-99289r1_ruleThe SLES for vRealize must protect audit tools from unauthorized deletion.
SV-99291r1_ruleThe SLES for vRealize must enforce password complexity by requiring that at least one special character be used.
SV-99293r1_ruleThe SLES for vRealize must notify System Administrators and Information Systems Security Officer when accounts are created.
SV-99295r1_ruleThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are modified.
SV-99297r1_ruleThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are disabled.
SV-99299r1_ruleThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are removed.
SV-99301r1_ruleThe SLES for vRealize must use cryptographic mechanisms to protect the integrity of audit tools.
SV-99303r1_ruleThe SLES for vRealize must automatically terminate a user session after inactivity time-outs have expired or at shutdown.
SV-99305r1_ruleThe SLES for vRealize must control remote access methods.
SV-99307r1_ruleThe SLES for vRealize must audit all account enabling actions.
SV-99309r1_ruleThe SLES for vRealize must notify System Administrators and Information System Security Officers when accounts are created, or enabled when previously disabled.
SV-99311r1_ruleThe SLES for vRealize must audit the execution of privileged functions.
SV-99313r1_ruleThe SLES for vRealize must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur.
SV-99315r1_ruleThe SLES for vRealize must off-load audit records onto a different system or media from the system being audited.
SV-99317r1_ruleThe SLES for vRealize must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.
SV-99319r1_ruleThe SLES for vRealize must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
SV-99321r1_ruleThe SLES for vRealize must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
SV-99323r1_ruleThe time synchronization configuration file (such as /etc/ntp.conf) must be owned by root.
SV-99325r1_ruleThe time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by root, bin, sys, or system.
SV-99327r1_ruleThe time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive.
SV-99329r1_ruleThe SLES for vRealize must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
SV-99331r1_ruleThe SLES for vRealize must notify designated personnel if baseline configurations are changed in an unauthorized manner.
SV-99333r1_ruleThe SLES for vRealize must audit the enforcement actions used to restrict access associated with changes to the system.
SV-99335r1_ruleThe RPM package management tool must cryptographically verify the authenticity of all software packages during installation.
SV-99337r1_ruleThe SLES for vRealize must audit all activities performed during nonlocal maintenance and diagnostic sessions.
SV-99339r1_ruleThe SLES for vRealize must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.
SV-99341r1_ruleThe SLES for vRealize must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.
SV-99343r1_ruleThe SLES for vRealize must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
SV-99345r1_ruleThe SLES for vRealize must protect the confidentiality and integrity of transmitted information.
SV-99347r1_ruleThe SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
SV-99349r1_ruleThe SLES for vRealize must implement non-executable data to protect its memory from unauthorized code execution.
SV-99351r1_ruleThe SLES for vRealize must implement address space layout randomization to protect its memory from unauthorized code execution.
SV-99353r1_ruleThe SLES for vRealize must shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.
SV-99355r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access security objects occur.
SV-99357r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.
SV-99359r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to modify privileges occur.
SV-99361r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to modify security objects occur.
SV-99363r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
SV-99365r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to delete privileges occur.
SV-99367r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to delete security levels occur.
SV-99369r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful attempts to delete security objects occur.
SV-99371r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful logon attempts occur.
SV-99373r1_ruleThe SLES for vRealize must generate audit records for privileged activities or other system-level access.
SV-99375r1_ruleThe SLES for vRealize audit system must be configured to audit the loading and unloading of dynamic kernel modules.
SV-99377r1_ruleThe SLES for vRealize must generate audit records showing starting and ending time for user access to the system.
SV-99379r1_ruleThe SLES for vRealize must generate audit records when concurrent logons to the same account occur from different sources.
SV-99381r1_ruleThe SLES for vRealize must generate audit records when successful/unsuccessful accesses to objects occur.
SV-99383r1_ruleThe SLES for vRealize audit system must be configured to audit failed attempts to access files and programs.
SV-99385r1_ruleThe SLES for vRealize audit system must be configured to audit failed attempts to access files and programs.
SV-99387r1_ruleThe SLES for vRealize audit system must be configured to audit failed attempts to access files and programs.
SV-99389r1_ruleThe SLES for vRealize audit system must be configured to audit failed attempts to access files and programs.
SV-99391r1_ruleThe SLES for vRealize audit system must be configured to audit failed attempts to access files and programs.
SV-99393r1_ruleThe SLES for vRealize audit system must be configured to audit user deletions of files and programs.
SV-99395r1_ruleThe SLES for vRealize audit system must be configured to audit file deletions.
SV-99397r1_ruleAudit logs must be rotated daily.
SV-99399r1_ruleThe SLES for vRealize must generate audit records for all direct access to the information system.
SV-99401r1_ruleThe SLES for vRealize must generate audit records for all account creations, modifications, disabling, and termination events.
SV-99403r1_ruleThe SLES for vRealize must generate audit records for all kernel module load, unload, and restart actions, and also for all program initiations.
SV-99405r1_ruleThe SLES for vRealize must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
SV-99407r1_ruleThe SLES for vRealize must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly.
SV-99409r1_ruleThe SLES for vRealize must prevent the use of dictionary words for passwords.
SV-99411r1_ruleThe SLES for vRealize must prevent the use of dictionary words for passwords.
SV-99413r1_ruleThe SLES for vRealize must prevent the use of dictionary words for passwords.
SV-99415r1_ruleThe SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
SV-99417r1_ruleThe SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
SV-99419r1_ruleThe SLES for vRealize must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
SV-99421r1_ruleThe SLES for vRealize must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
SV-99423r1_ruleThe SLES for vRealize must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.