| OS10-NDM-000010 - The Dell OS10 Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | ACCESS CONTROL |
| OS10-NDM-000100 - The Dell OS10 Switch must be configured to assign appropriate user roles or access levels to authenticated users. | ACCESS CONTROL |
| OS10-NDM-000110 - The Dell OS10 Switch must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies. | ACCESS CONTROL |
| OS10-NDM-000120 - The Dell OS10 Switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes. | ACCESS CONTROL |
| OS10-NDM-000130 - The Dell OS10 device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device. | ACCESS CONTROL |
| OS10-NDM-000150 - The Dell OS10 Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation. | AUDIT AND ACCOUNTABILITY |
| OS10-NDM-000180 - The Dell OS10 Switch must initiate session auditing upon startup. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| OS10-NDM-000320 - The Dell OS10 Switch must prevent the installation of patches, service packs, or application components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. | CONFIGURATION MANAGEMENT |
| OS10-NDM-000340 - The Dell OS10 Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | CONFIGURATION MANAGEMENT |
| OS10-NDM-000350 - The Dell OS10 Switch must be configured to disable the Bash shell. | CONFIGURATION MANAGEMENT |
| OS10-NDM-000360 - The Dell OS10 Switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | ACCESS CONTROL |
| OS10-NDM-000370 - The Dell OS10 Switch must be configured to use DOD PKI as multifactor authentication (MFA) for interactive logins. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000390 - The Dell OS10 Switch must implement replay-resistant authentication mechanisms for network access to privileged accounts. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000400 - The Dell OS10 Switch must enforce a minimum 15-character password length. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000410 - The Dell OS10 Switch must enforce password complexity by requiring that at least one uppercase character be used. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000420 - The Dell OS10 Switch must enforce password complexity by requiring that at least one lowercase character be used. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000430 - The Dell OS10 Switch must enforce password complexity by requiring that at least one numeric character be used. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000440 - The Dell OS10 Switch must enforce password complexity by requiring that at least one special character be used. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000480 - The Dell OS10 Switch must be configured to use DOD-approved OCSP responders or CRLs to validate certificates used for PKI-based authentication. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000490 - The Dell OS10 Switch, for PKI-based authentication, must be configured to map validated certificates to unique user accounts. | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000510 - The Dell OS10 Switch must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000530 - The Dell OS10 Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements. | CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-NDM-000640 - The Dell OS10 Switch must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OS10-NDM-000670 - The Dell OS10 Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | AUDIT AND ACCOUNTABILITY |
| OS10-NDM-000680 - The Dell OS10 Switch must be configured to synchronize internal information system clocks using redundant authoritative time sources. | AUDIT AND ACCOUNTABILITY |
| OS10-NDM-000740 - The Dell OS10 Switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000750 - The Dell OS10 Switch must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000760 - The Dell OS10 Switch must prohibit the use of cached authenticators after an organization-defined time period. | IDENTIFICATION AND AUTHENTICATION |
| OS10-NDM-000780 - The Dell OS10 Switch must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | MAINTENANCE |
| OS10-NDM-000790 - The Dell OS10 Switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | MAINTENANCE |
| OS10-NDM-000800 - The Dell OS10 Switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-NDM-000810 - The application must install security-relevant firmware updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | SYSTEM AND INFORMATION INTEGRITY |
| OS10-NDM-000910 - The Dell OS10 Switch must generate log records for a locally developed list of auditable events. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| OS10-NDM-000920 - The Dell OS10 Switch must enforce access restrictions associated with changes to the system components. | CONFIGURATION MANAGEMENT |
| OS10-NDM-000930 - The Dell OS10 Switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | CONFIGURATION MANAGEMENT |
| OS10-NDM-000960 - The Dell OS10 Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-NDM-000970 - The Dell OS10 Switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | AUDIT AND ACCOUNTABILITY |
| OS10-NDM-000980 - The Dell OS10 Switch must be running an operating system release that is currently supported by Dell. | CONFIGURATION MANAGEMENT |
| OS10-NDM-001070 - The Dell OS10 Switch must not have any default manufacturer passwords when deployed. | IDENTIFICATION AND AUTHENTICATION |
